Accusations of sabotage of India’s power grid by Chinese malware agencies resurfaced with a report by Somerville-based Recorded Future citing the same, and with the Maharashtra government ordering an investigation into whether the Mumbai outage in October 2020 was due to Chinese sabotage.
Cyber intelligence firm Recorded Future said in its latest report that the China-linked group RedEcho targeted the Indian power sector amid heightened border tensions.
“Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from Chinese state-sponsored groups,” the report said.
Recorded Future further said ten Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC), are targets in a concerted campaign against India’s critical infrastructure.
The union ministry of power said in a statement that an alarm was raised on a threat to the RLDCs and the National Load Despatch Centre (NLDC), operated by Power Systems Operations Company (POSOCO), but it was resolved.
“An email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO,” said the statement. CERT-In, or the Indian Computer Emergency Response Team, under the Ministry of Electronics and Information Technology, is the nodal agency for dealing with cyber security threats.
The power ministry further said the National Critical Information Infrastructure Protection Centre had communicated, in a mail dated February 12, 2021, the threat by Red Echo through a malware called Shadow Pad. It stated that: “Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs).”
The ministry said that, following the reports, all IPs and domains listed in the emails were blocked in the firewall at all control centres, and all systems in the control centres were scanned and cleaned by antivirus.
“Observations from all RLDCs & NLDC shows that there is no communication & data transfer taking place to the IPs mentioned. There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents,” said the statement.
After the Galwan border skirmish between Indian and Chinese troops and India’s ban on Chinese power imports, this paper reported that 5 cities across 12 states have awarded contracts for real-time power supply and data management and communication infrastructure to Chinese companies, thereby elevating the threat of cyber-attack.
A New York Times article on Monday cited the report by Recorded Future to indicate that the power outage which gripped the city of Mumbai and suburban areas on October 12, 2020 was the result of malware introduced by Chinese agencies.
Dinesh Waghmare, principal secretary of the state energy department, said in a press conference on Monday, “We had asked Maharashtra cyber police to investigate the matter as there was suspicion of sabotage. However, the investigation is still on and they have not come to a conclusion as yet. Preventive measures will also be taken.”
Senior government officials and executives from the power supply companies in Mumbai denied any cyber-attack link. “In the meetings held since October, cyber-attack was discussed but could not be proved. The final report on the incident by a high-level committee is awaited,” said a senior official.