The massive power outage in Mumbai last year is being linked to Chinese activities. Trains were stopped and darkness engulfed hospitals and the stock exchange across the financial capital in October 2020. This could have been due to the activities of Chinese hackers amid a prolonged stand-off at the border, according to a new study.
The report by US-based digital threat analysis company Recorded Future has been shared with the Indian government. The study, first reported by The New York Times, found Chinese malware flowing into the systems managing power supply across India at a time when India-China tensions in the Ladakh area escalated following the Galwan clash in June.
RedEcho, an activity group from China, is being accused of planting malware in key power plants across India. The report said that the link to the Mumbai power cut “provides additional evidence suggesting the coordinated targeting of Indian Load Despatch Centres.” The report further indicates the vulnerability of India’s national digital infrastructure.
Most of the malware was never activated, a news report quoted the study as saying. It said the US group could not examine the details of the code placed in power-distribution systems across the country since it could not enter the Indian power systems.
The Insikt Group of Recorded Future has since mid-2020 been observing a steep increase in suspected targeted intrusions by China-sponsored groups into Indian facilities.
“From mid-2020, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India’s power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified include two Indian seaports,” said the report.
Recorded Future claimed there was a “clear and consistent pattern” in which Indian organisations were being targeted. The attack targeted 21 IP addresses linked to 12 Indian organisations in the “critical” power generation and transmission sector.
Regarding October’s Mumbai power outage, the report said that its link with the discovery of an unspecified malware variant remains unsubstantiated, but the disclosure suggests a coordinated targeting of load despatch centres in the country.