Indian Minister of State Jitendra Singh told parliament that a cyberattack discovered on 4 September at the Kudankulam nuclear plant in Tamil Nadu had been limited to the plant's administrative network.
He said the internet-connected network affected by the malware infection was used to manage day-to-day administrative activities, and that the plant's control and instrumentation system is not connected to any external network including the internet, intranet or the administrative system.
Nuclear Power Corporation of India Ltd (NPCIL) said on 30 October that investigations had begun immediately after Indian Computer Emergency Response Team (CERT-In) discovered the malware. Investigations by the Department of Atomic Energy's Computer and Information Security Advisory Group and CERT-In had concluded the infection was limited to the power plant's administrative network.
Kudankulam hosts two operating AES-92 VVER reactors supplied by Russia's Atomstroyexport, built by NPCIL and commissioned and operated by NPCIL under International Atomic Energy Agency (IAEA) safeguards. Two further AES-92 units are under construction at the site scheduled to begin commercial operation in 2025 and 2026, with two more units planned.