Mumbai Outage Example Of China Targeting India Power Facilities: Report
China may have targeted power facilities across India last year in the middle of hostilities at the border, a new study has said. A massive power outage in Mumbai in October, which stopped trains and shut down hospitals for hours at the height of the Covid crisis, may have been linked to these activities by a Chinese threat activity group, says the report, which the government has been told about.
The report says China-linked threat activity group RedEcho targeted the Indian power sector and the activity was identified through a combination of large-scale automated network traffic analytics and expert analysis. The links to the Mumbai power cut "provides additional evidence suggesting the coordinated targeting of Indian Load Despatch Centres," it said.
The study shows that alongside the Ladakh tensions, which escalated in June with the clash at Galwan Valley in which 20 Indian soldiers died for the country, Chinese malware was flowing into systems that manage power supply across India.
The flow of malware was pieced together by Recorded Future, a US-based company that studies the use of the internet by state actors. It found that most of the malware was never activated. And because Recorded Future could not get inside India's power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country.
Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from Chinese state-sponsored groups, said the report.
"From mid-2020, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India's power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure. Other targets identified include two Indian seaports," the report said.
There was a "clear and consistent pattern of Indian organizations being targeted in this campaign through the behavioural profiling of network traffic to adversary infrastructure", said Recorded Future.
A total of 21 IP addresses linked to 12 Indian organizations in the power generation and transmission sector, classified as critical, were targeted.
The report said media reports had previously linked the October power outage in Mumbai to malware at a Padgha-based State Load Despatch Centre. "At this time, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated. However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Load Despatch Centres," said the report.