According to the Union Ministry of Power, “state-sponsored” Chinese hacker groups targeted various Indian power centres, including Mumbai. The Ministry also said that these groups were thwarted after government cyber agencies warned it about their activities. Even the New York Times reported that the Mumbai power outage in October 2020 was part of a coordinated cyberattack by China.
Statement issued by the Power Ministry
- There is no impact on any of the functionalities carried out by the Power Sector Operations Corporation (POSOCO) due to the referred threat and no data breach/data loss has been detected due to these incidents.
- According to the Ministry, prompt actions are being taken by the Chief Information Security Officers at all these control centres under operation by POSOCO for any incident/advisory received from various agencies.
- However, the Ministry's statement made no direct mention of the Mumbai power outage, which occurred on October 12, 2020 and lasted several hours.
NTRO had warned Power Ministry of the Malware
- Officials in the Power Ministry were warned about the malware “ShadowPad” by the Ministry of Electronics and Information Technology’s (MeitY’s) Cyber Emergency Response Team (India) (CERT-In) in November 2020.
- Even the National Technical Research Organisation’s (NTRO’s) National Critical Information Infrastructure Protection Centre (NCIIPC) warned of the threats in February 2021, weeks before the Recorded Future report was released.
- The NCIIPC report stated that a Chinese state-sponsored threat actor group known as Red Echo is targeting the Indian power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs).
- The National Technical Research Organisation (NTRO) is the technical intelligence agency under the National Security Advisor (NSA) and is listed under the Intelligence Organisations (Restriction of Rights) Act, 1985.
Report of US Cyber Security Firm – Recorded Future
- The alleged cyber-intrusion was discovered and revealed by U.S. cyber security and intelligence firm, Recorded Future, according to The New York Times, which broke the story. An October 12 grid failure in Mumbai may have been caused by the Chinese malware, as per the report.
- The US report mentions a Chinese group named “Red Echo”, which has been identified in the U.S. company Recorded Future’s report as responsible for the Mumbai outage.
- The flow of malware was detected by Recorded Future, a Massachusetts-based company that analyses online digital threats. It found that most of the malware was never activated, meaning only a small proportion of malware caused the Mumbai power outage.
- As per the report of the US firm, the China-linked threat activity group RedEcho may have planted malware in key power plants in India.
- The Massachusetts-based firm noticed, in the lead-up to the clashes, an increase in malware targeting the government, defence organisations and the public sector. The Power Ministry confirmed that while attempts to breach systems were made, the sector had not been impacted.
According to Recorded Future, there is still some evidence of ongoing intrusion, although a significant amount of it has subsided recently and the government has been alerted. The intrusions, which began in May 2020, continued throughout the year.