The Union government has acknowledged accusations that Chinese hackers continue to threaten Indian power plants, particularly those near the Line of Actual Control (LAC), despite a study from a U.S.-based cyber security firm claiming that Chinese State-sponsored actors have attacked seven power grid assets, the national emergency response system, as well as an Indian branch of a multinational logistics service provider since September 2021.
Chinese hackers attempted at least two attacks on electrical distribution centers in Ladakh, but were unsuccessful, according to Minister of Power R.K. Singh. “We’ve already strengthened our defence system to counter such cyberattacks,” he said, without specifying if the hackers were connected to the Chinese government.
MEA says no information at present
When questioned if the identified assaults had been reported to China, Ministry of External Affairs (MEA) spokesperson Arindam Bagchi said the MEA did not have any information at the moment, but voiced assurance that India’s “critical infrastructure” has necessary safeguards.
In a report dated April 6, security company Recorded Future said it has seen “likely network intrusions targeting at least 7 Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective States,” in recent months.
It was noted that the SLDCs targeted were clustered geographically, with the detected SLDCs being located in North India, near the India-China boundary in Ladakh. Since April 2020, India and China have been at odds at various spots along the undemarcated LAC in eastern Ladakh.
The company said it was provisionally grouping the activity under the moniker Threat Activity Group-38 (TAG-38). “Since at least September 2021, we have observed TAG-38 intrusions targeting the identified victim organizations. The group has employed probable compromised infrastructure for command and control of ShadowPad implants used to target the identified networks, as well as using the open source tool Fast Reverse Proxy (FRP).”
TAG-38 most likely hacked and co-opted Internet-facing DVR/IP camera equipment for ShadowPad malware and FRP command and control (C2).
Limited economic espionage
Long-term targeting of Indian power grid resources by Chinese State-linked entities, according to the report, provided few prospects for economic espionage or conventional intelligence collection. “We believe this targeting is instead likely intended to enable information gathering surrounding critical infrastructure systems or is pre-positioning for future activity. The objective for intrusions may include gaining an increased understanding into these complex systems in order to facilitate capability development for future use or gaining sufficient access across the system in preparation for future contingency operations,” it explained.
This is not the first time that Recorded Future has detected cyber-attacks. In March 2021, the Massachusetts-based firm discovered an uptick in malware targeting the government, defense organizations, and the public sector in the run-up to the Galwan skirmishes on June 15, 2020, in which 20 Indian soldiers were killed. The breaches by Red Echo, a Chinese state-sponsored organization, began in May 2020 and persisted year round, according to the report. Although efforts to penetrate systems were undertaken, the power industry was not affected, according to the Power Ministry. Maharashtra’s Electricity Minister, Nitin Raut, said on March 3, 2021, that a State Cyber Cell investigation had discovered “14 Trojan horses in the servers” of the Maharashtra State Electricity Transmission Company, which had the ability to impair power delivery.
Oppose hacking: China
China’s Foreign Ministry spokesperson Zhao Lijian responded to Recorded Future’s recent study, saying, “We have noted the relevant reports. As I repeated many times, we firmly oppose and crack down on all forms of hacking activities. We will never encourage, support or condone such activities.”
He added that cyberspace had the feature of being virtual and having a large number of players, and that there should be enough proof to designate relevant situations. “A lot of prudence is required in doing so. As is known to all, the U.S. is the empire of hacking. It has launched the most hacking activities in the world. I try to remind the relevant institution you mentioned, if it really cares about cybersecurity, it should pay more attention to the attacks launched by the U.S. against the Chinese companies and institutions. They should do more conducive that is to facilitate dialogue and cooperation among countries instead of slinging mud at China.”