New Delhi: Speculation of a possible cyber attack on Kudankulam Nuclear Power Plant’s (KKNP) administrative network grew on Tuesday after reports surfaced of a possible malware attack.

While officials at the plant issued a blanket denial, declaring that all Indian nuclear power plant control systems are “standalone” and thus impervious to “any cyber attack”, at least two media reports have indicated that there had been genuine worries within the government over a security breach in a part of the network.

The Kudankulam imbroglio started on Monday night after cyber security professional Pukhraj Singh tweeted out that the Narendra Modi government had been informed about a potential cyber attack.

“Domain controller-level access [has been gained] at Kudankulam Nuclear Power Plant. The government was notified way back,” said Singh, adding that he was alerted to the issue by a “third party” and had informed relevant Indian government officials of the matter in September 2019.

“I didn’t discover the intrusion, a 3rd party did. It contacted me & I notified National Cyber Security Coordinator on Sep 4 (date is crucial). The 3rd party then shared the IoCs with the NCSC’s office over the proceeding days. Kaspersky reported it later, called it DTrack,” he added.

The National Cyber Security Coordinator (NCSC), which is currently headed by Retd Lt Gen Rajesh Pant, is a top government agency that handles everything from cybersecurity intelligence to online threats to critical infrastructure.

At least one official associated with the NSCS confirmed to The Wire that concerns had been raised over Kudankulam earlier this year and that they had been “acted upon”, but declined to provide any more information.

Both the NCSC and Nuclear Power Corporation of India did not respond to requests for comment.

Separately, however, The Hindustan Times, in a report put out on Tuesday night, quoted an anonymous government official as saying that a tip-off was received from a “friendly country” regarding an attack at Kudankulam and that a “team of experts was rushed to the facility located in Tirunelveli in Tamil Nadu in early September”.

“The foreign government’s help allowed for a quick response,” the newspaper quoted the anonymous government official as saying.

The Indian Express also on Wednesday morning reported, quoting anonymous senior government officials, that an “incident had occurred” at Kudankulam, with “some sort of vulnerability” that needed to be patched.

Blanket denial

In a statement put out on Tuesday afternoon, though, KKNP denied any cyber attack.

“This is to clarify Kudankulam Nuclear Power Project and other Indian Nuclear Power Plants Control Systems are standalone and not connected to outside cyber network and Internet,” R Ramdoss, Training Superintendent & Information Officer, said in a statement.

“Any Cyber attack on the Nuclear Power Plant Control System is not possible,” he added.

According to the statement, the KNPP units 1 and 2 are operating at 1,000 MW and 600 MW respectively without any operation or safety concerns. The KNPP has two nuclear power units of 1,000 MW capacity each.

Singh, while responding to this statement, clarified that the breach centered around the plant’s administrative network and not the operational one.

“Please don’t confuse control systems with a domain controller. They’re different things,” he said.

Clues to a malware attack?

Singh’s tweets came after an anonymous Twitter account called “@a_tweeter_user” pointed to a data file uploaded on VirusTotal, a cybersecurity firm owned by Google.

This file allegedly pointed towards an attack that resembled ones carried out by a malware called DTrack and evidence of a KKNP administrator’s user credentials having been leaked. It’s unclear, however, whether this alleged security breach was exploited to cause any harm to the plant’s administrative network or utilised to gain access to sensitive information.

https://t.co/aBVxrJKIao

Interesting potential DTRACK (CC @Mao_Ware )
Dumps the data mined output via manually mapped share over SMB to RFC1918 address with a statically encoded user/pass:
> net use 10.38.1.35C$ su.controller5kk /user:KKNPPadministrator
— く̱͕̘͚ず̡̭̠ (@a_tweeter_user) October 28, 2019

Details of DTrack were first identified in late September by Russia-based Kaspersky Labs, which noted recently that the malware’s targets had included “banks and research centres in India”.

“According to our telemetry, the last activity of DTrack was detected in the beginning of September 2019,” said the report.

Kaspersky’s researchers said that DTrack shares some programming and execution characteristics with a similar malware it labelled ‘ATMDtrack’, which was found infecting Indian ATM machines.

Note: This article has been updated to add Indian Express’s reporting on the matter.