The Ministry of Power on Monday confirmed that it was aware of a Chinese cyber campaign to use malware to target India’s power network, PTI reported. However, it said that there was no impact on the operations of Power System Operation Corporation, or POSOCO, due to the “referred threat”.
The power ministry was responding to a report released by a United States private cybersecurity firm, which suggested that a massive power outage in Mumbai last year may have been the result of the online intrusion by a group of hackers sponsored by the Chinese government. Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, showed that Chinese malware was flowing into systems managing India’s electricity supply during the border standoff between the two countries along the Line of Actual Control.
“There is no impact on any of the functionalities carried out by POSOCO due to the referred threat,” the ministry said in a statement without mentioning the Mumbai power outage. “No data breach/data loss has been detected due to these incidents.”
The power ministry added that prompt actions are taken on advisories issued against such malware threats by chief information security officers at all the control centres.
Meanwhile, Maharashtra Energy Minister Nitin Raut said that the power blackout in October was caused by a cyber attack and it was an act of “sabotage”. Raut said the state government, the Maharashtra Electricity Regulatory Commission and the Central Electricity Authority had set up separate committees to investigate the cause of the power outage, and that their reports have been received.
“We had then complained to the cyber cell and their report is awaited,” he told reporters outside the Vidhan Bhavan in Mumbai. “But the preliminary information I have, there definitely was a cyber attack and it was a sabotage.”
On October 12, a grid failure in Mumbai resulted in massive power outage and brought India’s financial capital to a standstill. It stopped trains, froze the stock exchange, and affected treatment of coronavirus patients during the pandemic. It took around two hours for the power supply to resume for essential services.
Chinese Foreign Ministry spokesperson Wang Wenbin, however, on Monday rejected the criticism about China’s involvement in the hacking of India’s power grid, PTI reported. He said it was “irresponsible and ill-intentioned” to make allegations without proof.
US firm’s report
Recorded Future has claimed that “Red Echo”, a group sponsored by the Chinese state, was behind the online intrusion. The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis, its report said.
The US cybersecurity firm’s Chief Operating Officer Stuart Solomon told The New York Times that the Chinese group had been seen to systematically use advanced cyberintrusion techniques to “quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure”.
According to The New York Times, Recorded Future sent its findings to the Computer Emergency Response Team in India. The agency, which is part of the Ministry of Electronics and Information Technology, deals with cyber security threats.
The agency acknowledged twice that it had received the information, but said nothing about whether it had also uncovered Chinese code in India’s power grid, according to the newspaper.
Former Indian Army commander Lieutenant General DS Hooda told The New York Times that China was trying to warn India about its capabilities. “I think the signalling is being done by China to indicate that we can and we have the capability to do this in times of a crisis,” Hooda said. “It’s like sending a warning to India that this capability exists with us.”