Hackers attacked power grid to coerce India at LAC?

The NYT report also claims that Indian authorities were alerted about the increase in deployment of malware and given technical details.

Published: 02nd March 2021 08:06 AM  |   Last Updated: 02nd March 2021 10:00 AM

Express News Service

NEW DELHI/MUMBAI: State-sponsored Chinese hackers may have targeted Indian power grids and ports with malware even as tensions along the Line of Actual Control (LAC) escalated, The New York Times said quoting a US cybersecurity firm's study, leading to doubts over the cause of the October 12 grid failure in Mumbai.

Recorded Future, a Massachusetts-based company, found a spike in malware in Indian government, defence and public sector organisations in the build-up to the clashes along the LAC since May last year. According to the company, the cyber attacks began in May and continued throughout the year. Recorded Future claims the intrusions have now come down significantly.

Apart from Recorded Future, cybersecurity firm Cyfirma claimed state-sponsored Chinese hackers had targeted IT systems of two Indian COVID vaccine manufacturers - Serum Institute of India and Bharat Biotech.

According to Cyfirma, the Chinese group APT10, also known as Stone Panda, identified vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII). Cyfirma's Chief Executive told the media that the real motive of the group was to exfiltrate IP addresses and gain a competitive advantage over Indian pharmaceutical firms.

The NYT report also claims that Indian authorities were alerted about the increase in deployment of malware and given technical details. Responding to the report, the Power Ministry on Monday said an email was received from CERT-In on November 19, 2020, on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action was taken to address the threats. 

"NCIIPC informed through mail on February 12 about a state-sponsored Chinese hacker group Red Echo targeting Indian Power sector's Regional Load Dispatch Centres along with State Load Dispatch Centres," the ministry said, adding that all systems in control centres were scanned and cleaned by an anti-virus tool. 

The report quoted Recorded Future COO Stuart Solomon as saying that Red Echo was observed to systematically use cyber intrusion techniques to gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure. "Recorded Future identified 21 IP addresses targeting 10 power organisations and two seaports - the VO Chidambaranar Port and Mumbai Port Trust," it added.

Meanwhile, the Maharashtra government ordered an inquiry into the alleged intrusion. Home minister Anil Deshmukh said the cyber cell was asked to submit a report. "We have taken cognisance of media reports and have decided to conduct a thorough inquiry into the cyberattack by China," he said.

Deshmukh said that 8 GB of data from a foreign server may have been transferred into the Maharashtra State Electricity Board (MSEB) server system to sabotage the financial capital's power supply. He said that, as per the cyber department's detailed report, some blacklisted internet addresses were used to log in to MSEB's server system to disturb Mumbai's power supply in October of last year.

"America's Recorded Future, a Massachusetts-based company, in its future network analysis report claimed that China might have introduced some viruses in MSEB system and Mumbai's electric infrastructure. We cannot rule out the foul play by China behind this unprecedented outage in Mumbai," Deshmukh said.

Beijing calls US firm's report irresponsible

The Chinese foreign ministry termed the report irresponsible. "Speculation and fabrication have no role to play on the issue of cyber attacks. It is irresponsible to accuse a particular party when there is no sufficient evidence," foreign ministry spokesperson Wang Wenbin said.

