Indian Power Grid Targeted Again by Chinese State-Backed Hackers: US Intel Firm

The targeting was "geographically concentrated" in North India, in proximity to the India-China border in Ladakh, Recorded Future said.


New Delhi: Chinese state-backed hackers have once again targeted Indian power infrastructure, an American intelligence company said even as the Indian government said it was aware of some ‘probing attacks’ which were ultimately unsuccessful.

Recorded Future, the intelligence firm, said in a report that hackers had targeted at least seven Indian state load despatch centres (SLDCs), which are responsible for carrying out electrical dispatch and grid control. It said this targeting was “geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh”.

The group reportedly used the trojan ShadowPad, which is believed to have been developed by contractors for China’s Ministry of State Security, leading to the conclusion that this was a state-sponsored hacking effort.

The company said it had identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group.

Recorded Future had said in a February 2021 report that the massive power outage in Mumbai in October 2020 may have been the result of a Chinese cyber campaign against India, timed as a ‘show of force’ warning to New Delhi. Among other targets were four of the five regional load despatch centres, the company had claimed.


In its latest report, Recorded Future said though India and China have agreed to a partial troop disengagement from February 2021, “the prolonged targeting of Indian critical infrastructure continues to raise concerns over pre-positioning activity being conducted by Chinese adversaries”.

The company said that while the latest activity displays targeting and capability consistencies with the RedEcho group, which was responsible for earlier attempts to target Indian infrastructure, “there are also some notable distinctions”. Therefore, the report does not attribute the latest actions to RedEcho and instead assigns them to the temporary group name Threat Activity Group 38 (TAG-38).

The report says that the “coordinated effort” to target Indian power infrastructure is notably distinct from other established Chinese cyberespionage efforts – which usually take the form of targeting foreign governments, surveillance of dissident and minority groups and economic espionage.

The targeting of Indian power infrastructure, “given the continued heightened tension and border disputes between the two countries”, is a cause for concern, said Recorded Future.

“Given the prolonged targeting of both SLDCs and RLDCs within India, first from RedEcho and now in this latest TAG-38 activity, we believe this targeting is a strategic priority for these actors and is likely to continue,” the Massachusetts-based company warned.

‘Strong defence’ says power minister

Meanwhile, power minister R.K. Singh on Thursday said the country has a “strong defence” against any kind of cyberattacks. “Our defence against cyberattacks is strong. These [attempts to target power infrastructure] were probing attacks in December, January and February. They did not succeed. But we are aware,” Singh said.

The minister also said that action was taken back in 2018 against suspected cyberattacks on the country’s power supply system. “We had put protocols in place. Those protocols are working and we are strengthening those protocols every day. So, our cyber defence against cyber-attack is strong. We are confident about that,” Singh said.

The Chinese government denied reports that its hackers targeted the Indian power grid in Ladakh. “We have noted the relevant reports,” China’s foreign ministry spokesman Zhao Lijian said during a media briefing on Thursday.

“As I repeated many times, we firmly oppose and crack down on all forms of hacking activities. We will never encourage, support or condone such activities,” he said.

China routinely denies allegations of hacking by its state-sponsored hackers, demanding evidence. It also claims that it is a victim of hacking from US networks.