In October last year, Mumbai and its suburban areas witnessed a power outage caused by a grid failure that brought the city, including its local trains, to a complete halt. The outage, which spread across Mumbai, Thane and Navi Mumbai, was suspected to be the result of a sophisticated sabotage attempt targeting the country’s power utilities.
According to a report by the New York Times, the power outage in Mumbai and the surrounding areas last year may have been the handiwork of the Chinese, as part of a broad cyber campaign against India’s power grid intended to send a message that “if India pushed too hard, the lights could go out”.
The Mumbai blackout had come just a few months after Chinese and Indian troops had clashed in Galwan Valley. The India China standoff had lasted months and had caused casualties on both sides.
The new research quoted by the NYT suggests that the two incidents might have been related, with China possibly playing a role in the Mumbai blackout by mounting a malware attack against the power grid. According to the research, as the stand-off between the two sides continued in the Himalayas, Chinese hackers planted malware in the power grid’s control systems.
The malware activity was documented by Recorded Future, a company based in Somerville, Massachusetts, that studies the use of the internet by state actors. According to Recorded Future, most of the malware placed in the power grid was never activated. Because Recorded Future could not get inside the Indian power system itself, it was unable to examine the details of the code placed in strategic power distribution systems across the country. It has notified the Indian authorities, but so far they have not reported what they found.
Stuart Solomon, the Chief Operating Officer of Recorded Future, said a Chinese state-sponsored group named Red Echo “systematically leverages advanced cyber intrusion technology to quietly reach nearly 12 key nodes across India. It was seen to build a foothold in power and transmission infrastructure.”
Beijing could have acted more aggressively, says the study
The finding raises serious questions about the security of the country’s strategic assets, especially in a city like Mumbai, and hints that it may have been a message from Beijing about what would happen if India pushed too hard.
As per the report, Indian officials had warned of a cyberattack originating in China against a nearby power load management centre, and had launched a formal investigation. The officials were also concerned about the malware intrusion into the country’s power grid. Whether the evidence provided to them by Recorded Future will result in any action, however, remains to be seen.
Some suggest that acknowledging its insertion and blaming China for the blackout may complicate the diplomacy in recent days as there have been attempts to ease tensions between the two countries, and the matter is less likely to be featured in their talks.
The “suspicious link between the outage and the discovery of unspecified malware” in the system “remains unfounded”, said a researcher who wrote the Recorded Future report. However, Indian investigators said that additional evidence suggested coordinated targeting of the Load Dispatch Centre in India that balances electricity demand across its regions.
Responding to the findings, Lt Gen DS Hooda (Retd.) said, “I think China is doing the signalling to indicate that we can, and we have the capability to do this in times of a crisis. It’s like sending a warning to India that this capability exists with us.”
Chinese hackers continue to attack, CERT-In looking into attacks
Until recently, China was mainly focused on information theft. However, Beijing has now become increasingly aggressive in infiltrating infrastructure systems.
In India’s case, Recorded Future has sent its findings to the Indian Computer Emergency Response Team (CERT-In). CERT-In has twice acknowledged receiving the information but has yet to reveal whether it found the code on the power grid, said the NYT report.
In addition to an infusion of malware into the power grid, the Chinese hackers have unleashed a swarm of 40,300 hacking attacks on India’s technology and banking infrastructure in just a span of five days. According to Mumbai police, some were denial-of-service attacks that knocked these systems offline, while some were phishing attacks.
Security experts at the Cyber Peace Foundation, an Indian nonprofit that tracks hacking efforts, reported a new wave of Chinese attacks on Indians. They found that the attacks originated in China’s Guangdong and Henan Provinces and traced them to an organization called Fang Xiao Qing. The attacks aimed to obtain a beachhead on Indians’ devices, possibly for future attacks.
“One of the intentions seems to be power projection,” said Vineet Kumar, the president of the Cyber Peace Foundation.
Since last year, the foundation has also recorded an increase in malware directed at India’s power sector, from petroleum refineries to a nuclear power plant.
Meanwhile, India’s military experts have renewed their demands to the government to replace the Chinese-made hardware for India’s power sector and its critical rail system. “The issue is we still haven’t been able to get rid of our dependence on foreign hardware and foreign software,” General Hooda said.
With attacks continuing to increase, Indian government authorities have said a review is underway of India’s information technology contracts, including those with Chinese companies. The reality, however, is that ripping out the existing infrastructure is expensive and difficult.