STOCK MARKET BSE NSE

Hackers attacked power grid to coerce India at LAC?

The NYT report also claims that Indian authorities were alerted about the increase in deployment of malware and given technical details.

Published: 02nd March 2021 08:06 AM  |   Last Updated: 02nd March 2021 10:00 AM   |  A+A-

Express News Service

NEW DELHI/MUMBAI: State-sponsored Chinese hackers may have targeted Indian power grids and ports with malware even as tensions along the Line of Actual Control (LAC) escalated, The New York Times said quoting a US cybersecurity firm's study, leading to doubts over the cause of the October 12 grid failure in Mumbai.

Recorded Future, a Massachusetts-based company, found a spike in malware in Indian government, defence and public sector organisations in the build up to the clashes along the LAC since May last year. According to it, the cyber attacks began in May and continued throughout the year. Recorded Future claims the intrusions have now significantly come down.

Apart from Recorded Future, cybersecurity firm Cyfirma claimed state-sponsored Chinese hackers had targeted IT systems of two Indian COVID vaccine manufacturers - Serum Institute of India and Bharat Biotech.

According to Cyfirma, Chinese group APT10, also known as Stone Panda, identified vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII). Cyfirma Chief Executive told media that the real motive of the group was to exfiltrate IP addresses and gain a competitive advantage over Indian pharmaceutical firms. 

The NYT report also claims that Indian authorities were alerted about the increase in deployment of malware and given technical details. Responding to the report, the Power Ministry on Monday said an email was received from CERT-In on November 19, 2020, on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action was taken to address the threats. 

"NCIIPC informed through mail on February 12 about a state-sponsored Chinese hacker group Red Echo targeting Indian Power sector's Regional Load Dispatch Centres along with State Load Dispatch Centres," the ministry said, adding that all systems in control centres were scanned and cleaned by an anti-virus tool. 

The report quoted Recorded Future COO Stuart Solomon saying that Red Echo was observed to systematically use cyber intrusion techniques to gain foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure. "Recorded Future identified 21 IP addresses targeting 10 power organisations and two seaports - the VO Chidambaranar Port and Mumbai Port Trust," it added.

Meanwhile, the Maharashtra government ordered an inquiry into the alleged intrusion. Home minister Anil Deshmukh said the cyber cell was asked to submit a report. "We have taken cognisance of media reports and have decided to conduct a thorough inquiry into the cyberattack by China," he said.

Maharashtra Home minister Anil Deshmukh said that the 8 GB foreign server data may have transferred into the Maharashtra State Electricity Board serve system to sabotage the financial capital's power supply. He said as per their cyber department's detailed report some black-listed internet addresses are being used to login in MSEB’s server system to disturb Mumbai’s power supply in October of last year.

"American's Recorded Future, a Massachusetts-based company in its future network analysis report claimed that China might have introduced some viruses in MSEB system and Mumbai's electric infrastructure. We cannot rule out the foul play by China behind this unprecedented outage in Mumbai," Deshmukh said.

Beijing calls US firm's report irresponsible

The Chinese foreign ministry termed the report irresponsible. "Speculation and fabrication have no role to play on the issue of cyber attacks. It is irresponsible to accuse a particular party when there is no sufficient evidence," foreign ministry spokesperson Wang Wenbin said.



Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp