Amid Mumbai Power Outage Row, a Look at China’s Cyber Ops on India

A cybersecurity firm also reported that Chinese actors had targeted Serum Institute of India and Bharat Biotech. 


A new study suggests that the massive power outage that brought the metropolitan city of Mumbai to a grinding halt in October 2020 may have been caused by China.

The study suggests that India’s power facilities may have come under direct attack from China, amid the clashes between the two countries in 2020.

The power outage is being seen by many as China’s attempt to threaten India, amid the ongoing stand-off between the two nations.

While the Maharashtra government has launched an investigation into the matter, the Centre has said that there has been no evidence of China’s role in the matter so far.

However, this isn’t an isolated incident of a cyber-attack from across the border. While this is a rare and unprecedented example of an attack on India’s critical infrastructure, attacks of various kinds have been reported in the recent past.

Here’s a look at recent reports of cyber attacks on Indians and Indian infrastructure, attributed to threat actors in China. It is important to note that attribution of an attack is notoriously difficult in cases of cyber attacks. Therefore, the actual scope or breadth of attacks may not be accurately known.

Chinese Hackers Targeted Serum Institute, Bharat Biotech: Report

Cyber intelligence firm Cyfirma has told Reuters that in recent weeks, a Chinese state-backed hacking group has targeted Serum Institute of India (SII) and Bharat Biotech, the vaccine makers behind the production of the two COVID-19 vaccines available in India at the moment.

According to Cyfirma, a Chinese hacking group called APT10, which also goes by the name Stone Panda, has identified holes in the IT infrastructure and supply chain software of the two companies.

Cyfirma Chief Executive Kumar Ritesh said the group was actively targeting SII, having reportedly found that a number of the company’s public servers are running weak web servers.

Ritesh said that the hacking group has spoken about “weak content-management system” as well, adding that it is “quite alarming,” according to Reuters.

According to Ritesh, the aim here is gaining access to intellectual property and winning a competitive advantage over India. Both India and China have been involved in manufacturing and gifting COVID-19 vaccines to other nations.

Cyber Attacks & Threats Amid Indo-China Galwan Clash

In the aftermath of the clash between Indian and Chinese soldiers in Galwan Valley, advisories from the government as well as from CERT-In had warned of possible cyber attacks from malicious actors.

The advisories, though, have not specifically attributed the threat to China. However, CERT-In, on 19 June, had indicated that, “malicious actors are planning large scale phishing attack campaigns against Indian individuals and businesses”.

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers, by getting the victim to click on a malicious link disguised as an email from a trusted entity.

“You get rogue traffic from China all the time. Most banking companies do block IPs from China but in recent times they have seen a significant increase since the advent of the COVID-19 pandemic,” said Akhil Reni, founder of WeSecureApp, a cybersecurity company.

The Maharashtra cyber security cell had also issued an advisory after over 40,300 hacking attempts were made, allegedly by China-based entities in June 2020.

35 Percent Attacks on Indian Sites Are From China: 2018 Report

In a 2018 report to India’s National Security Council Secretariat (NSCS), an unprecedented 35 percent of cyber attacks against the country were attributed to China.

According to the report, China has made the highest number of attacks on the official websites of India. While analysing the data for April and June, CERT has found that 35 percent of intruding activities on Indian cyberspace are from China, India Today reported.

According to the report, a wide variety of public sector institutions were affected by such attacks attributed to actors in China. The companies include:

  • Oil and Natural Gas Corporation (ONGC)
  • National Informatics Centre (NIC)
  • Indian Railway Catering and Tourism Corporation (IRCTC)
  • Centre for Railway Information Systems (CRIS)
  • Punjab National Bank (PNB)
  • Oriental Bank of Commerce (OBC)
  • State Bank of India (SBI)
  • State data centres (particularly in Maharashtra, Madhya Pradesh, and Karnataka)
