Amid LAC face-off, cyberattacks caused massive power outage: NYT
In the middle of the stand-off in eastern Ladakh last year, China unleashed coordinated cyberattacks on India’s power facilities that may have triggered the massive power outage in Mumbai in October 2020.
The outage led to a countrywide uproar as India’s financial capital came to a grinding halt on October 12. Mumbai lifeline local trains were shut, hospitals could not carry lifesaving operations and stock exchange remained out of gear for hours.
The cyberattack on power facilities may have been initiated by a group of Chinese hackers, according to a study that first appeared in the New York Times.
China-linked threat activity group RedEcho may have planted malware in key power plants in India, said the study. “The Mumbai power cut provides additional evidence suggesting the coordinated targeting of Indian Load Dispatch Centres,” said the study.
The study also suggested that some of the country’s most sensitive infrastructures are vulnerable to cyberattacks from Chinese hackers.
Meanwhile, the Ministry of Power on Monday said there is no impact on operations of Power System Operation Corporation (POSOCO) due to any malware attack and that prompt actions are taken on advisories issued against such threats.
However, the Ministry did not mention about the Mumbai outage in its statement.
Responding on the findings of the study, the Ministry said, “There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents.”
The Ministry further said, “Prompt actions are being taken by the CISOs (chief information security officers) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc.”
The CERT-in (Indian Computer Emergency Response Team) is the nodal agency to deal with cyber security threats like hacking and phishing.
The National Critical Information Infrastructure Protection Centre (NCIIPC) is national nodal agency for critical information infrastructure protection.
Confirming the possibility of the cyberattack, Maharashtra Energy Minister Nitin Raut on Monday said the New York Times report claiming that the massive power outage in Mumbai last year might have been due to a cyber attack from China was true.
“There is truth in the claims made by the NYT. We had formed three committees to enquire into the matter. We will receive a detailed report this evening from the cyber department,” Raut said.
The Maharashtra cyber department had initially suspected that a malware attack could be responsible for Mumbai’s power outage in October last year, which stopped trains and shut down hospitals and the stock exchange for hours. Some areas in suburban central Mumbai suffered outages for almost 10 to 12 hours.
Recorded Future, a US-based company that analyses online digital threats, first detected the flow of malware. Recorded Future’s Insikt Group observed that from early 2020 there was a large increase in suspected cyberattacks against Indian organisations from Chinese state-sponsored groups, said the report.
“From mid-2020, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India’s power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified include two Indian seaports,” the report said.
“There was a clear and consistent pattern of Indian organisations being targeted in this campaign through the behavioral profiling of network traffic to adversary infrastructure,” said Recorded Future.
The Chinese hacker targeted a total of 21 IP addresses linked to 12 Indian organisations in the power generation and transmission sector – classified as critical.
“At this time, the alleged link between the outage and the discovery of the unspecified malware variant remain unsubstantiated. However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Load Dispatch Centres,” said the report.
Tuesday, 02 March 2021 | PNS | New Delhi
