After ringing alarm bells over the Chinese cyber-attacks on India’s power infrastructure, US-based Recorded Future on March 4 said that other than 10 power sector assets including state-run NTPC and Power Sector Operation Corporation Ltd (POSOCO), two ports, oil and gas assets and the Indian Railways were also exposed to cyber-attacks by Chinese group RedEcho.
However, Recorded Future, a Massachusetts-based company that came out with the findings, said that there is no data to connect the Mumbai power outage with RedEcho but the group was live till February 28. Other than NTPC and POSOCO, the other power sector assets that were under attack included NTPC Kudgi super thermal power plant, load despatch centres in western, southern, northeastern and eastern regions, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, Delhi Transco Ltd substation at Mundka, V O Chidambaranar port in Tamil Nadu and Mumbai Port Trust.
Addressing a webinar, Christopher Ahlberg, co-founder and chief executive officer of Recorded Future, said, “We are tracking RedEcho since October 2020. Their targets include India’s oil and gas assets, electricity sector, maritime assets and critical rail infrastructure.”
After the report became public, the Ministry of Power came out with a statement saying that there was no impact on any of the functionalities carried out by POSOCO due to the referred threat and there was no data breach detected due to this incident. The ministry had received an email from the Indian Computer Emergency Response Team (CERT-In) in November 2020 about a threat by malware ‘ShadowPad’ at some control centres of POSOCO.
Ahlberg added that there is enough proof that ShadowPad is used by at least five Chinese threat activity groups. “This is not for any economic espionage opportunity, but it is targeted at future disruptive cyber operations,” he said. The Recorded Future CEO said that the Indian government’s statement indicates that they have taken appropriate steps to tackle the attack.
A report submitted to the Maharashtra government by the state cyber department early this week indicated that a malware attack was behind the massive grid failure that hit Mumbai and surrounding areas on October 12 last year.