Chinese cyber-attack threat raises head again, PowerMin accepts past cases

ByPR 24


Accusations of sabotage by Chinese malware agencies on India’s power grid started flying again with a report by Somerville-based Recorded Future citing the same and Maharashtra government ordering an investigation into whether or not the Mumbai outage in October 2020 was due to any Chinese sabotage.


Cyber intelligence firm, Recorded Future in latest report said, China-linked Group RedEcho targeted the Indian power sector amid heightened border tensions.


“Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from Chinese state-sponsored groups,” the report said.





Recorded Future further said ten Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) are targets in a concerted campaign against India’s critical infrastructure.


The union ministry of power in a statement said, an alarm was raised on threat to RLDCs and National Load Despatch Centre (NLDC), operated by Power Systems Operations Company (POSOCO), but it was resolved.


“An email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO,” said the statement. CERT-In or Indian Computer Emergency Response Team under the Ministry of Electronics and Information Technology is the nodal agency to deal with cyber security threats.

Also Read: Chinese firms dominate power infra in states; industry warns of data breach


The power ministry further said, National Critical Information Infrastructure Protection Centre informed through a mail dated February 12, 2021 about the threat by Red Echo through a malware called Shadow Pad. It stated that: “Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs). “


The ministry said, following the reports, all IPs and domains listed in the emails were blocked in the firewall at all control centres and all systems in control centres were scanned and cleaned by antivirus.


“Observations from all RLDCs & NLDC shows that there is no communication & data transfer taking place to the IPs mentioned. There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents,” said the statement.


Also Read: After Mumbai’s power outage, Tata power to upgrade city’s islanding system


Post the Galwan border skirmish between Indian and Chinese troops, and India banning Chinese power imports, this paper reported that 5 cities across 12 states have awarded contracts of real-time power supply and data management, communication infrastructure to Chinese companies, thereby elevating threat of cyber-attack.


A New York Times article on Monday cited the report by Recorded Future to indicate that the power outage which gripped the city of Mumbai and sub-urban areas on October 12, 2020 was a result of a cyber-malware inducted by Chinese agencies.


Dinesh Waghmare, principal secretary of the state energy department in a press conference on Monday said, “We had asked Maharashtra cyber police to investigate the matter as there was suspicion of sabotage. However, the investigation is still on and they have not come to a conclusion as yet. Preventive measures will also be taken.”


Senior government officials and executives from the power supply companies in Mumbai denied any cyber-attack link. In the meetings held since October, cyber-attack was discussed but could not be proved. The final report on the incident by a High level committee is awaited,” said a senior official.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.

We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

Similar Posts

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

ByPR 24

The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named ’21Nails,’ the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be…

‘Potential Cyber Incident’ Disrupted EMEA System

‘Potential Cyber Incident’ Disrupted EMEA System

ByPR 24

Cybercrime , Cybercrime as-a-service , Endpoint Security Some Reports Suggest BlackMatter Was Attacker Mihir Bagwe • September 13, 2021     (Image Source: Flickr) Olympus, a Japanese company that manufactures optics and reprography products, has reported that a portion of its IT system in the EMEA region was affected by a “potential cybersecurity incident” on…

Malspam Campaign Used Hancitor to Download Cuba Ransomware

Malspam Campaign Used Hancitor to Download Cuba Ransomware

ByPR 24

Cybercrime , Cybercrime as-a-service , Email Security & Protection Attackers Co-Opted Malware for Data Exfiltration and Ransom, Group-IB Finds Akshaya Asokan (asokan_akshaya) • May 8, 2021     Attackers co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion,…

Data of 3.5 m MobiKwik users allegedly hacked

Data of 3.5 m MobiKwik users allegedly hacked

ByPR 24

Personal details of 3.5 million MobiKwik users seem to have been leaked, according to independent cybersecurity researchers. The Gurugram-based fintech platform, however, denied any breach, saying its user and company data are completely safe and secure. The breach was flagged by French cybersecurity researcher Elliot Alderson in a tweet on Monday. “Probably, the largest KYC…

Interpol Thwarts Online Fraud Intercepting $83 Million Illicit Funds in the Asia-Pacific Region – HOTforSecurity

Interpol Thwarts Online Fraud Intercepting $83 Million Illicit Funds in the Asia-Pacific Region – HOTforSecurity

ByPR 24

Amid increasing cyber-enabled financial crimes, Interpol announced its latest successful operation, which intercepted a whopping $83 million in illicit funds. According to a press release, law enforcement agencies in the Asia Pacific region opened more than 1,400 investigations between September 2020 and March 2021 Over six months, the Interpol-coordinated operation, codenamed HAECHI-I l, led to…

Kaseya cyberattack: MSPs spared from ransoms – Security

Kaseya cyberattack: MSPs spared from ransoms – Security

ByPR 24

The ransomware gang who attacked Kaseya locked down systems and demanded ransom payments from end user organisations while passing over MSPs and Kaseya itself, according to Kaseya CEO Fred Voccola. Voccola told CRN USA the ransomware attacker sought money only from end customers rather than the approximately 50 MSPs who had been compromised through an…