“State-sponsored” Chinese hacker groups had targeted various Indian power centres, the Union Power Ministry said on Monday, but added that these groups have been thwarted after government cyber agencies warned it about their activities. While the government refused to confirm or deny a New York Times report, based on a U.S. cyber security firm’s claim that the Mumbai power outage in October 2020 was part of a coordinated cyber attack by China, it said it has suffered “no data breach” as a result of the threat.
“There is no impact on any of the functionalities carried out by the Power Sector Operations Corporation (POSOCO) due to the referred threat. No data breach/ data loss has been detected due to these incidents,” the Ministry of Power said in an official statement, which made no direct mention of the Mumbai power outage on October 12, 2020, that lasted several hours.
Also read:
ADVERTISEMENT
ADVERTISEMENT
“Prompt actions are being taken by the Chief Information Security Officers (CISOs) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc.,” the statement added.
Specifically naming the Chinese group “Red Echo”, which has been identified in the U.S. company Recorded Future’s report as responsible for the Mumbai outage, officials said they had been warned by the Ministry of Electronics and Information Technology’s (MEITy’s) Cyber Emergency Response Team-In (India) (CERT-in) about the threat from malware called “ShadowPad” in November 2020, and by the NTRO’s National Critical Information Infrastructure Protection Centre (NCIIPC) in February 2021, of the threats, weeks before the Recorded Future report was released.
“NCIIPC informed [Power Ministry] through a mail dated 12th February, 2021 about the threat by Red Echo through a malware called Shadow Pad. It stated that Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs).”
ADVERTISEMENT
The Ministry listed actions it took as a result of the warnings that have ensured that there is no “communication and data transfers” taking place to the Internet Protocol addresses(IPs) mentioned as dangerous by NCIIPC.
“All IPs and domains listed in NCIIPC mail have been blocked in the firewall at all control centres. Log of firewall is being monitored for any connection attempt towards the listed IPs and domains. Additionally, all systems in control centres were scanned and cleaned by antivirus,” it said.
In Mumbai, Home Minister Anil Deshmukh said a preliminary Cyber Cell report on the power outage had been handed over to the State Energy Ministry.
“The report findings state there is evidence that suggests there might have been a cyber-sabotage attempt. The report has been handed over to Minister Nitin Raut,” Maharashtra Home Minister Anil Deshmukh reportedly told journalists.