Chinese cyber attack caused massive Mumbai power outage last year?
As India and China reaffirmed their commitment to ending the standoff in Ladakh late last month, a report in The New York Times has claimed China has been targeting Indian utilities and infrastructure using cyber attacks to possibly coerce New Delhi on the border issue.
The New York Times on Sunday reported that a study by Recorded Future, a US internet security firm, found Chinese malware “was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant” at the time of the Ladakh standoff. Recorded Future monitors state-sponsored cyber activity.
Recorded Future pointed out that a Chinese state-sponsored group, which it referred to as Red Echo, “has been seen to systematically utilize advanced cyberintrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure”.
The Recorded Future study raised questions about the massive power outage in Mumbai on October 12 last year that virtually crippled India’s financial capital, causing chaos at hospitals and leading to the stoppage of its arterial suburban train network. The New York Times noted, “The discovery [of malware] raises the question about whether an outage that struck on Oct. 13 [sic] in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.”
Indian media reports after the Mumbai outage did refer to the possibility of Chinese cyber activity. Recorded Future claimed it had notified the Computer Emergency Response Team (CERT-In), India’s nodal cybersecurity body, about its findings. The New York Times reported CERT-In had acknowledged receipt of the information, but had given no response about possible code inserted by Chinese elements into the electricity grid.
The New York Times reported, “Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.”
While Recorded Future noted that a link between the Mumbai outage and malware “remains unsubstantiated,” the study noted “additional evidence suggested the coordinated targeting of the Indian load dispatch centers,” which balance the electrical demands across regions of the country, according to The New York Times.
Lt. General D.S. Hooda, the Indian Army officer who oversaw the 2016 surgical strike across the Line of Control, interpreted the possibility of Chinese cyber attack as “signalling” by Beijing.
“I think the signalling is being done (by China) that we can and we have the capability to do this in times of a crisis… It’s like sending a warning to India that this capability exists with us,” Hooda was quoted as saying by The New York Times.
The New York Times reported that in February last year, China accused a patchwork of “state-backed” organisations in India of using COVID-19 themed phishing emails to steal information from Chinese hospitals and research groups.
As the Ladakh standoff began, Chinese hackers began concerted activity against India. “Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the incursions were so-called denial-of-service attacks that knocked these systems offline; others were phishing attacks, according to the police in the Indian state of Maharashtra, home to Mumbai,” The New York Times reported.
A new wave of attacks began with phishing emails to Indians in October and November. “Researchers tied the attacks to domains registered in China’s Guangdong and Henan Provinces, to an organization called Fang Xiao Qing. The aim… was to obtain a beachhead in Indians’ devices, possibly for future attacks,” The New York Times reported.
China as a cyber power
Global analysts have warned of the rise of coercive cyber capabilities in China for over a decade. While Chinese agencies were initially known for espionage and the theft of commercial information, China is also known to be developing capabilities to target an adversary’s vital economic and military infrastructure using digital methods.
The 2020 report to the US Congress of the US-China Economic and Security Review Commission (USCC) noted, “PLA strategists view the cyber domain as particularly critical to power projection, and China’s dominance of global telecommunications infrastructure could bolster that capability… China’s dominance of global internet communications technology infrastructure, combined with its push to set global technology standards and its military-civil fusion strategy, may enhance the PLA’s ability to disrupt command and control networks and spy on foreign countries.”
The USCC report stated, “Chinese actors also launched cyber attacks against U.S. organizations involved in COVID-19 research to gain the upper hand in the race to a vaccine. In April, the Trump Administration blamed Chinese cyberactors for a wave of cyber attacks on hospitals and other healthcare providers, research laboratories, and pharmaceutical companies, as well as a series of daily strikes against the U.S. Department of Health and Human Services.”