Soon after a report said that Chinese hackers had targeted India's power grids in Ladakh, Union Minister for Power and New and Renewable Energy RK Singh on Thursday, 7 April, said that the attempts made by Chinese hackers were not successful.
"Two attempts by Chinese hackers were made to target electricity distribution centres near Ladakh but were not successful... We've already strengthened our defence system to counter such cyber attacks," he was quoted as saying by news agency ANI.
Suspected state-sponsored Chinese hackers have targeted India’s power sector over the past 18 months as part of a cyber-espionage campaign, the threat intelligence firm Recorded Future Inc said in a report published on Wednesday.
As per the report, Recorded Future’s Insikt Group in February last year, had reported on intrusion activity targeting operational assets within India’s power grid that the intelligence firm attributed to a likely Chinese state-sponsored threat activity group known as RedEcho.
Later, ongoing targeting of Indian power grid organisations by China-linked adversaries that were “frequently using the privately shared modular backdoor ShadowPad” was also detected.
ShadowPad, the report states, “continues to be employed by an ever-increasing number of People’s Liberation Army (PLA) and Ministry of State Security (MSS)-linked groups, with its origins linked to known MSS contractors first using the tool in their own operations and later likely acting as a digital quartermaster.”
Seven Load Despatch Centres Targeted, Says Report
At least seven Indian State Load Despatch Centres (SLDCs), which are responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states were also targeted, as per the threat analysis report.
Notably, the identified SLDCs are located close to the disputed India-China border in Ladakh.
The report states, “Despite a partial troop disengagement between India and China from February 2021, the prolonged targeting of Indian critical infrastructure continues to raise concerns over prepositioning activity being conducted by Chinese adversaries.”
While such attacks are consistent with previously identified RedEcho activity, technical evidence attributing it to the group has not yet been identified. Currently, such hacking activity is being clustered under the temporary group name Threat Activity Group 38 (TAG38).
Key Highlights:
The reports highlights that given the continued targeting of Indian SLDCs, from RedEcho and now in this latest TAG-38 activity, this targeting is likely a “long-term strategic priority for select Chinese state-sponsored threat actors active within India.”
The prolonged targeting, the report states, offers “limited economic espionage or traditional intelligence-gathering opportunities. We believe this targeting is instead likely intended to enable information gathering surrounding critical infrastructure systems or is pre-positioning for future activity.”
Lastly, the objective for intrusions may also include gaining an increased understanding into these complex systems in order to facilitate capability development for future use or gaining sufficient access across the system in preparation for future contingency operations, the report adds.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)