Chinese hackers allegedly targeted India’s power grid

BANGKOK (AP) – India’s power sector has been targeted by hackers in a long-term operation attributed to a state-sponsored Chinese group, a US-based private cyber security company detailed in a new report.

Over the past several months, the Insikt Group, the threat research division of Massachusetts-based Recorded Future, said it had collected evidence that hackers targeted seven Indian state centers responsible for conducting power transmission and grid control near border areas disputed by the two nuclear neighbors.

The hackers primarily used the trojan ShadowPad, which is believed to have been developed by contractors from China’s Ministry of State Security, leading Insikt Group to conclude that it was a state-sponsored hacking attempt, the group reported.

“ShadowPad is being employed by a growing number of groups affiliated with the People’s Liberation Army and the Ministry of State Security, with its origins being traced to known MSS contractors, who first use the equipment in their own operations and later act as a digital quartermaster,” Recorded Future reported late Wednesday.

China’s Foreign Ministry spokesman Zhao Lijian said on Thursday that the report had been “noted” by Beijing, but that China “strongly opposes and counters cyber attacks of any kind, and will not encourage, endorse or condone any cyber attacks.”

“I would like to advise the concerned company that if they really care about global cyber security, they should pay more attention to cyber attacks by US government hackers on China and other countries, and should do more to help promote dialogue and cooperation between countries, instead of using the issue of cyberattacks to create trouble and sling mud at China,” he told reporters.

India’s Ministry of Electronics and Information Technology on Thursday did not immediately return calls seeking comment and Power Minister RK Singh said the report was not a cause for concern.

“We are always ready,” he said. “We have a very strong security system. We are always on alert.”

Insikt Group already detected and reported a Chinese-sponsored hack of 10 Indian power sector organizations in February 2021 by a group called RedEcho. The recent hack “demonstrates targeting and capability stability” with RedEcho, but there are also “notable distinctions” between the two, so the group has been given the working name of Threat Activity Group 38, or TAG-38, as more information is collected.

Following a brief lull after its first report, Recorded Future said the Insikt Group has again started tracking hacking attempts at India’s power grid organizations. Over the past several months, until the end of March, it has identified possible network incursions targeting at least seven of India’s so-called “State Load Despatch Centers” – all near the disputed border in Ladakh, where Chinese and Indian soldiers clashed in June 2020 in a confrontation in which 20 Indian soldiers and four Chinese were killed.

“Recorded Future continues to track Chinese state-sponsored activity groups targeting a wide variety of sectors globally – a large majority of it in line with longstanding cyber espionage efforts, such as targeting foreign governments, surveillance of dissident and minority groups, and economic espionage,” the report said.

“However, the coordinated effort to target Indian power grid assets in recent years is remarkably different from our perspective and, given the ever-increasing tensions and border disputes between the two countries, we believe this is a cause for concern.”

The hackers are believed to have gained access through third-party devices connected to the Internet, such as IP cameras, that were compromised, the company said.

Investigators have yet to determine how they were compromised, but Recorded Future suggested they were originally set up using default credentials, leaving them vulnerable.

Because prolonged targeting of India’s power grid “provides limited economic espionage or traditional intelligence-gathering opportunities,” Recorded Future said it appears the goal is to enable information gathering around critical infrastructure systems, or pre-positioning for future activity.

“Purposes of penetration may include gaining an increased understanding of these complex systems to facilitate capacity development for future use or to gain adequate access to systems in preparation for future contingency operations,” Recorded Future said.


Ashok Sharma in New Delhi contributed to this story.
