A massive power outage in Mumbai last year was apparently the result of an online intrusion from China, according to a study released by a US company. It claims that a group of Chinese government-linked hackers targeted India's critical power grid with malware, in a campaign that coincided with the escalation of border tensions between India and China in 2020.

A recent report by Recorded Future, a Massachusetts-based company, describes in detail a campaign conducted by a China-linked threat activity group it tracks as RedEcho, which targeted the Indian power sector.

The Maharashtra government has taken cognisance of the report, saying that the power outage in Mumbai may have been linked to this activity. State Home Minister Anil Deshmukh has sought a report from the cyber department on the matter.

The company, which studies the use of the internet by state actors, notified the Indian government departments concerned about the suspected intrusions before publication, to support incident response and remediation investigations within the affected organisations.

Last year, on October 12, a massive power outage was reported in Mumbai due to a grid failure, affecting the state amid the COVID-19 pandemic. Power supply to India's financial capital was restored after two hours, and Maharashtra Chief Minister Uddhav Thackeray ordered an enquiry into the grid failure.

The report said that the Indian government did not respond immediately to the study by Recorded Future. It also says that the company's Insikt Group has observed a large increase in suspected targeted intrusions by Chinese state-sponsored groups against Indian organisations.

Following the Recorded Future report, an article in The New York Times said the discovery raises the question of whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

“From mid-2020, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India’s power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified include two Indian seaports,” it said.

In total, 21 IP addresses linked to 12 Indian organisations in the power generation and transmission sector, which is classified as critical infrastructure, were targeted.

The report said that in the lead-up to the May 2020 border skirmishes, the company noticed an increase in the provisioning of PlugX malware command and control (C2) infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

“The PlugX activity included the targeting of multiple Indian government, public sector, and defence organisations from at least May 2020,” it said.

“Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups,” it said.