In what appears to be China’s retaliatory move against India’s crackdown on Chinese apps last year, Beijing was suspected to be behind a massive cyber attack in the country’s financial capital Mumbai, which triggered an hours-long power outage bringing the movement of local trains to a grinding halt.
In the wake of the June 15, 2020 Galwan Valley clash in eastern Ladakh, in which 20 Indian soldiers were killed, the Indian government had banned over 100 Chinese mobile apps, citing security concerns. It seems China got back at India with malware. In October 2020, India’s financial capital Mumbai had faced a massive power outage, believed to have been triggered by Chinese malware.
The outage had completely paralyzed India’s financial capital: it hit Mumbai’s lifeline, the local trains, and also disrupted services at hospitals and the stock exchange for several hours. A report by Recorded Future, a US-based company that analyses online digital threats, has revealed that the China-linked threat activity group RedEcho may have planted malware in key power plants in India.
The study has indicated that the country’s most sensitive national infrastructure is vulnerable to systematic attacks by Chinese hackers using state-of-the-art malware.
It said the link to the Mumbai power cut “provides additional evidence suggesting the coordinated targeting of Indian Load Despatch Centres”.
The research found that most of the malware was never activated, and Recorded Future could not examine the details of the code placed in strategic power-distribution systems across the country because it had no access to India’s power systems.
The attack had targeted a total of 21 IP addresses linked to 12 Indian organizations in the power generation and transmission sector, all classified as critical. According to Recorded Future, there was a “clear and consistent pattern of Indian organizations being targeted in this campaign through the behavioral profiling of network traffic to adversary infrastructure”.
Recorded Future’s midpoint collection revealed a steep rise around mid-2020 in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India’s power sector.
In a concerted campaign against India, the report said, 10 distinct Indian power sector organizations were identified as targets, including four of the five regional load dispatch centers responsible for operating the power grid by balancing electricity supply and demand.
After the report came out, the Indian power ministry confirmed the attack. It said the government was aware of a major Chinese state operation to use malware to penetrate India’s power network.
The ministry statement said prompt action was taken and there was “no impact” on any of the facilities due to the “referred threat”. “No data breach/ data loss has been detected due to these incidents,” it said, but it did not mention the Mumbai outage.