China-linked attackers target India’s power infra: What you need to know
Chinese government-linked attackers possibly gained access to computer networks that form part of India’s power infrastructure, a US-based cybersecurity firm has said, citing technical clues that federal power ministry officials separately said had been on their radar. Here is all you need to know about the disclosure:
• It fuelled speculation that a blackout in Mumbai last year may have been the result of sabotage.
• In findings first reported by the New York Times on Monday, security consultancy Recorded Future said the attackers (which it calls RedEcho) targeted at least “10 distinct power sector organisations” with malware known as ShadowPad.
• Hours after the disclosure, the Union power ministry said it had received inputs from Indian agencies — first in November and then again in February this year — about the threat of infection from ShadowPad, prompting remedial measures.
• The ministry said no data breach or data loss has been detected due to these incidents.
• The ministry’s statement appeared to suggest that the attacks were not behind the October 12, 2020, power outage in Mumbai that had lasted up to 12 hours in some parts of India’s financial capital, bringing the city’s local trains to a halt and forcing the airport to switch to back-up supply.
• Recorded Future’s Insikt Group, the firm’s cyber threat intelligence division, also referred to the Mumbai blackout but said it did not have forensic evidence to link the incident to the China-linked campaign.
• In Maharashtra, state home minister Anil Deshmukh said on Monday the state police suspect a cyber-attack to be the reason for the power cut in Mumbai.
• Some 14 trojan horses may have been introduced into the server of the Maharashtra State Electricity Board, around 8GB of data may have been transferred to unaccounted foreign servers, and logins to the MSEB server may have been made from blacklisted IP addresses, Deshmukh said.
• He cited the preliminary probe of the cyber police following analysis of the supervisory control and data acquisition networks.
• Deshmukh did not give details about what malware was used or the identity of the attackers.
• The disclosures of attempts by Chinese operatives to sabotage critical infrastructure point to the possibility of an unprecedented escalation of conflict between India and China in cyberspace.
• The two countries had a bitter border confrontation, including the first fatal clash between their troops in decades, last year.
• The two sides have since stepped back from the border stand-off.
• According to Recorded Future’s Insikt Group, the campaign targeted “a large swathe of India’s power sector”, shared digital infrastructure with, and left footprints similar to, other Chinese actors that also use ShadowPad, a modular backdoor malware that can hand attackers full control over a computer system.