Chinese cyber attack foiled: Power Ministry

In Mumbai, Anil Deshmukh said a preliminary Cyber Cell report on the power outage had been handed over to the State Energy Ministry.

Updated - March 02, 2021 10:34 am IST

Published - March 01, 2021 10:39 pm IST - NEW DELHI

“State-sponsored” Chinese hacker groups had targeted various Indian power centres, the Union Power Ministry said on Monday, but added that these groups have been thwarted after government cyber agencies warned it about their activities. While the government refused to confirm or deny a New York Times report, based on a U.S. cyber security firm’s claim that the Mumbai power outage in October 2020 was part of a coordinated cyber attack by China, it said it has suffered “no data breach” as a result of the threat.

“There is no impact on any of the functionalities carried out by the Power Sector Operations Corporation (POSOCO) due to the referred threat. No data breach/ data loss has been detected due to these incidents,” the Ministry of Power said in an official statement, which made no direct mention of the Mumbai power outage on October 12, 2020, that lasted several hours.

Also read: Chinese malware may have targeted Indian power systems and seaports: U.S. firm

“Prompt actions are being taken by the Chief Information Security Officers (CISOs) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc.,” the statement added.

Specifically naming the Chinese group “Red Echo”, which has been identified in the U.S. company Recorded Future’s report as responsible for the Mumbai outage, officials said they had been warned by the Ministry of Electronics and Information Technology’s (MEITy’s) Cyber Emergency Response Team-In (India) (CERT-in) about the threat from malware called “ShadowPad” in November 2020, and by the NTRO’s National Critical Information Infrastructure Protection Centre (NCIIPC) in February 2021, of the threats, weeks before the Recorded Future report was released.

“NCIIPC informed [Power Ministry] through a mail dated 12th February, 2021 about the threat by Red Echo through a malware called Shadow Pad. It stated that Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs).”

The Ministry listed actions it took as a result of the warnings that have ensured that there is no “communication and data transfers” taking place to the Internet Protocol addresses(IPs) mentioned as dangerous by NCIIPC.

“All IPs and domains listed in NCIIPC mail have been blocked in the firewall at all control centres. Log of firewall is being monitored for any connection attempt towards the listed IPs and domains. Additionally, all systems in control centres were scanned and cleaned by antivirus,” it said.

In Mumbai, Home Minister Anil Deshmukh said a preliminary Cyber Cell report on the power outage had been handed over to the State Energy Ministry.

“The report findings state there is evidence that suggests there might have been a cyber-sabotage attempt. The report has been handed over to Minister Nitin Raut,” Maharashtra Home Minister Anil Deshmukh reportedly told journalists.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.