Chinese hackers have targeted power grids in northern India in recent months, including in March this year, a private US-based cybersecurity firm has claimed. The report said the seven targeted State Load Dispatch Centres (SLDCs) were "close to the disputed India-China border in Ladakh".
Using a family of malware called ShadowPad, the hackers targeted SLDCs in northern Indian states, according to a report by Recorded Future, a Massachusetts-based cybersecurity firm that describes itself as specializing in the collection, processing, analysis and dissemination of threat intelligence.
The hackers are supported by Chinese state entities, the report states, linking the use of the ShadowPad Trojan and the hacking groups to the People's Liberation Army and China's Ministry of State Security.
Recorded Future said it notified Indian authorities before the report was released.
"Over the past few months, we have observed probable network intrusions targeting at least 7 Indian State Load Dispatch Centres (SLDCs) tasked with performing real-time operations for grid control and electricity dispatch in their respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs being located in northern India, close to the disputed India-China border in Ladakh," the report said.
Two attempts by Chinese hackers were made to target electricity distribution centers near Ladakh but were unsuccessful… We have already strengthened our defense system to counter such cyberattacks: RK Singh, Union Minister for Power and New & Renewable Energy pic.twitter.com/FSUck06Jai
— ANI (@ANI) April 7, 2022
The report said the hackers, designated by the company as Threat Activity Group 38 (TAG-38), also targeted an emergency response force and an Indian subsidiary of a multinational logistics company.
Although the report does not name the targets, a map in the report shows the locations of the attacks in the Jammu, Punjab, Himachal Pradesh, Delhi and Haryana-Rajasthan regions.
(PTI adds: Speaking on the sidelines of a clean energy ministerial meeting in the nation’s capital, Energy Minister RK Singh acknowledged attempts had been made by China, but added that defenses of India against such intrusions were strong.
“Our defense against cyberattacks is strong. These were flare-ups in December, January and February. They did not succeed. But we are aware,” he said.
He also said action was taken in 2018 against alleged cyberattacks on the country’s power system. “We had protocols in place. These protocols work and we reinforce these protocols every day. Thus, our cyber defense against cyber attacks is strong. We’re confident about that,” Singh said.
External Affairs Ministry spokesman Arindam Bagchi said: "We have seen the reports. There is a mechanism in place to ensure that our critical infrastructure remains resilient in such cases…We have systems in place to protect critical infrastructure…I have no information that we have raised the issue with China."
In Beijing, the Chinese government denied reports that its hackers had targeted India's power grid in Ladakh. "We have taken note of the relevant information," Chinese Foreign Ministry spokesman Zhao Lijian said at a press briefing. "As I have repeatedly stated, we firmly oppose and crack down on all forms of hacking activity. We will never encourage, support or condone such activity," he said.)
In a previous report in February last year, Recorded Future reported that another hacking group, RedEcho, had since mid-2020 targeted "10 distinct Indian power sector organizations, including 4 of the 5 Regional Load Dispatch Centres (RLDCs)" and two ports.
The report named the Delhi SLDC network, the DTL Tikri Kalan substation, the Western RLDC, NTPC's Kudgi power station in Karnataka, the Southern RLDC, the Telangana SLDC and the Eastern and North-Eastern RLDCs. The two ports were Mumbai Port and the VOC Port at Tuticorin in Tamil Nadu.
The new report says that after a temporary lull following the disclosure of RedEcho's activities, the hackers resumed and most likely carried out their attacks via compromised, co-opted internet-facing DVR/IP camera devices located in Taiwan and South Korea. TAG-38 used these devices as command-and-control infrastructure for the ShadowPad infections at the targets. They also used the open-source tool Fast Reverse Proxy, according to the report.
The report assessed that the targeting was "likely intended to enable information gathering surrounding critical infrastructure systems or is pre-positioning for future activity."
The report also described other hacking activity, in which the targets included "an Indian managed service provider and an operational technology provider." It attributed this activity to a group designated TAG-26, which targeted several high-value organizations in India using ShadowPad and other malware such as Poison Ivy and RoyalRoad RTF weaponizer documents.