A report released by a United States private cybersecurity firm has suggested that a Chinese cyber campaign targeted India’s power grid months after the Galwan Valley clash in June, in which soldiers from both countries were killed.
Recorded Future’s report raised questions about a possible link between the clash and a power blackout that brought India’s financial capital Mumbai to a standstill in October, according to The New York Times. Indian media had reported that authorities suspected that a malware attack had caused the outage.
On October 12, a grid failure in Mumbai resulted in a massive power outage and brought India’s financial capital to a standstill. It stopped trains, froze the stock exchange, and affected the treatment of coronavirus patients during the pandemic. It took around two hours for the power supply to resume for essential services.
The US cybersecurity firm’s report showed that Chinese malware was flowing into systems managing India’s electricity supply as border tensions between the two countries continued. Recorded Future claimed that “Red Echo”, a group sponsored by the Chinese state, was behind this intrusion.
“Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organizations from Chinese state-sponsored groups,” the report said. “From mid-2020 onwards, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India’s power sector.”
The report identified 10 Indian power sector organisations, including four of the five Regional Load Despatch Centres, as the targets of a “concerted campaign” against India’s critical infrastructure. “Other targets identified included two Indian seaports,” the report added.
Recorded Future’s Chief Operating Officer Stuart Solomon told The New York Times that the Chinese group had been seen to systematically use advanced cyberintrusion techniques to “quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure”.
The investigators who wrote the report said the alleged link between the outage and the discovery of the unspecified malware variant remained unsubstantiated so far. “However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Load Despatch Centres,” they said in the report.
According to The New York Times, Recorded Future sent its findings to the Computer Emergency Response Team in India. The agency, which is part of the Ministry of Electronics and Information Technology, deals with cyber security threats.
The agency acknowledged twice that it had received the information, but said nothing about whether it had also uncovered Chinese code in India’s power grid, according to the newspaper.
Former Indian Army commander Lieutenant General DS Hooda told The New York Times that China was trying to warn India about its capabilities. “I think the signalling is being done by China to indicate that we can and we have the capability to do this in times of a crisis,” Hooda said. “It’s like sending a warning to India that this capability exists with us.”
Border tensions flared up in June after deadly clashes between Indian and Chinese soldiers in Ladakh’s Galwan Valley. Twenty Indian soldiers were killed in the clashes. China identified the casualties on its side only in February, saying that four soldiers died.
Talks between the militaries of the two countries began soon after the clashes. However, a breakthrough came only in February this year, when Union Defence Minister Rajnath Singh informed Parliament about the disengagement agreement reached between India and China.
The disengagement process along Pangong Tso in Ladakh began on February 10, as military commanders began pulling out troops, tanks and artillery from the area in the first step towards full withdrawal. The process has been completed. On February 20, India and China held commander-level talks to discuss pulling back from other areas.