The report claimed that the hackers focused on at least seven “State Load Despatch Centres (SLDCs)” in northern India that are responsible for carrying out real-time operations for grid control and electricity dispatch in their respective states, near the disputed India-China border in Ladakh.
“In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh,” the report stated.
One of the load dispatch centres was previously the target of another hacking group called RedEcho, which has “strong overlaps” with a hacking group that the U.S. has tied to the Chinese government.
“The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence gathering opportunities,” said the report, adding, “We believe this is instead likely intended to enable information gathering surrounding critical infrastructure and/or pre-positioning for future activity.”
The cyber-attacks took place between August 2021 and March 2022, NDTV quoted sources as saying. The NDTV report further added that the investigation found data passing between the load despatch centres and Chinese state-sponsored command and control servers spread across the world.
Recorded Future said, “In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group.”
The group said they alerted the government of their findings before publishing the report.
On April 7, the government confirmed that two attempts were made by Chinese hackers to disrupt electricity distribution centres near Ladakh, but the attacks were not successful.
“Two attempts by Chinese hackers were made to target electricity distribution centres near Ladakh but were not successful. We’ve already strengthened our defence system to counter such cyber attacks,” Power Minister R.K. Singh told news agency ANI on April 7.
The intelligence firm said that the Chinese hackers were trying to “gather information surrounding critical infrastructure systems or is pre-positioning for future activity”.
“Given the continued targeting of State and Regional Load Despatch Centres in India over the past 18 months, first from RedEcho and now in this latest TAG-38 activity, this targeting is likely a long-term strategic priority for select Chinese state-sponsored threat actors active within India,” it said.
“The objective for intrusions may include gaining an increased understanding into these complex systems in order to facilitate capability development for future use or gaining sufficient access across the system in preparation for future contingency operations,” Recorded Future said.
The hacking group, dubbed TAG-38, has used a kind of malicious software called ShadowPad, which was previously associated with China’s People’s Liberation Army and the Ministry of State Security, according to Recorded Future. Researchers didn’t identify the victims by name.
Jonathan Condra, a senior manager at the cyberthreat intelligence firm told Bloomberg that the method the attackers used to make the intrusions — compromised internet of things devices and cameras — was unusual. “The devices used to launch the intrusions were based in South Korea and Taiwan,” he said.
This comes as the latest flashpoint after a military standoff between the two countries in the region. In June 2020, tensions flared up after a high-altitude skirmish, which involved hand-to-hand combat between troops, in Ladakh’s Galwan Valley in the Himalayas.
In the deadly encounter, at least 20 Indian soldiers were killed. Since then, multiple rounds of talks have had limited success in de-escalating border tensions.
In March, India said there can be no normality in ties with China unless the troops amassed at the Line of Actual Control (LAC) are withdrawn.