Kudankulam Nuclear Power Plant data breach raises cybersecurity concerns

Cybercriminals are exploiting the popularity of AI coding tools by creating fake Claude Code installation pages that appear in search results through SEO poisoning. Victims are tricked into running malicious commands disguised as installation steps, leading to the deployment of a sophisticated fileless .NET infostealer.

Kudankulam Nuclear Power Plant data breach raises cybersecurity concernsKudankulam Nuclear Power Plant data breach raises cybersecurity concerns

The attack uses a multi-stage infection chain that bypasses traditional security tools, AMSI scanning, and endpoint detection systems. Once executed, the malware runs entirely in memory, steals browser credentials and sensitive data, and communicates with attacker-controlled infrastructure for data exfiltration.

Researchers warn that the campaign specifically targets new developers and non-technical users searching for Claude Code installation guides. Users should only download software from official sources and avoid websites that request running commands through the Windows Run dialog as part of the installation process.

The NPAV EDR solution helps protect critical infrastructure from cyber threats, data breaches, and unauthorised access.