Power Ministry Confirms Chinese State Sponsored Hackers Targeted Indian Power Centres, All Attacks Thwarted

The Union Power Ministry revealed on Monday (2 March) that state-sponsored Chinese hacker groups had targeted several Indian power centres, the Hindu reports.

However, the Indian government cyber agencies had already flagged warnings regarding this issue and hence the Chinese miscreants were thwarted successfully.

The government has refused to confirm or deny a New York Times report about a US cyber firm’s claim that Mumbai’s power outage in October 2020 was a result of a coordinated cyber-attack by China. However, the firm also states that this threat hadn’t resulted in any data breach as such.

The Ministry of Power mentioned, “There is no impact on any of the functionalities carried out by the Power Sector Operations Corporation (POSOCO) due to the referred threat. No data breach/ data loss has been detected due to these incidents.”

It further added, “Prompt actions are being taken by the Chief Information Security Officers (CISOs) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc.”

Officials quoted in the report disclosed that the Cyber Emergency Response Team-In (India) (CERT-In) of the Ministry of Electronics and Information Technology (MeITY) had warned them of the malware threat called ‘ShadowPad’ in November 2020. The National Critical Information Infrastructure Protection Centre (NCIIPC) has issued them similar warnings of the threat in February 2021, which was several weeks before the Recorded Future report was rolled out.

The concerned officials also specifically mentioned the Chinese group ‘Red Echo’, which Recorded Future has held responsible for Mumbai’s power outage too.

“NCIIPC informed [Power Ministry] through a mail dated 12 February, 2021 about the threat by Red Echo through a malware called Shadow Pad. It stated that Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs),” one of the quotes in the report mentions.

The ministry assured that they took necessary actions to ensure that no communication and data is transferred through internet protocol (IP) addresses that were said to be dangerous by the NCIIPC.

Meanwhile, the log of firewall is also being monitored to check any connection attempt with respect to the IPs and the domains. “Additionally, all systems in control centres were scanned and cleaned by antivirus,” the ministry claimed.

Maharashtra Home Minister Anil Deshmukh stated that a preliminary report of the Cyber Cell regarding the power outage was handed over to the state energy ministry. The findings reveal that it might have been an attempt of cyber sabotage.