China targeted Indian power sector after Galwan Valley clash, report says

Chinese state-sponsored groups targeted India’s power grid systems with malware months after the two nations clashed in the Galwan Valley in June, according to a report by US-based cybersecurity firm Recorded Future.

The firm’s report raises suspicion over whether the power blackout in Mumbai last year was a result of an intrusion by a Chinese group.

Recorded Future said it notified Indian government departments of the suspected intrusions prior to publication, to support investigations within the impacted organizations.

According to the report, the targets were 10 Indian power sector organisations, including four of the five regional load despatch centres, which are responsible for operating the power grid by balancing demand and supply.

Two Indian seaports were also identified as targets in a concerted campaign against India. All these organisations are part of India’s critical infrastructure, per the Indian National Critical Information Infrastructure Protection Centre (NCIIPC) definition.

“Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organizations from Chinese state-sponsored groups,” Recorded Future said in a statement.

“From mid-2020 onwards, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India’s power sector.”

The report further highlighted that the infrastructure tactics and techniques detected during the attack were similar to procedures previously adopted by Chinese state-sponsored groups.

However, the report’s researchers said they do not believe there is enough evidence to attribute the activity to an existing group, so they continue to track it as a closely related but distinct activity group, RedEcho.
