A new study suggests that the massive power outage that brought the metropolitan city of Mumbai to a grinding halt, in October 2020, may have been caused by China.
The study suggests that India’s power facilities may have come under direct attack from China, amid the clashes between the two countries in 2020.
The Maharashtra state government has taken cognisance of a media report pertaining to this study, and Home Minister Anil Deshmukh sought a report from the cyber department over it.
The Maharashtra Cyber Cell has submitted a preliminary report on this, which has been now handed over to Maharashtra Energy Minister Nitin Raut. According to Deshmukh, the report findings state there is evidence which suggests there might have been a cyber-sabotage attempt.
Earlier in the day, Raut also spoke to ANI, saying that he felt that the study could be true. “When the power went out in Mumbai, I had said that there was something wrong and had constituted three committees to probe it. I feel media reports that have surfaced are true,” Raut said.
WHAT THE STUDY SAYS
As per the study, the cyber-campaign was conducted by a China-linked group ‘RedEcho,’ causing Mumbai hospitals to switch to emergency back-up, trains to stop, and the stock market to close.
Recorded Future – an intelligence provider for enterprise security – on Monday, 1 March, published a report that claims to reveal details of “a cyber campaign conducted by a China-linked group, named RedEcho”.
The press release of the study further states:
“Recorded Future’s large-scale automated network traffic analytics and expert analysis identified the threat group activity targeting the power sector in India.”
KEY FINDINGS
The key findings of the report, as per the press release, were:
- Recorded Future's Insikt Group identified RedEcho targeting 10 distinct Indian organisations in the power generation and transmission sector and two organisations in the maritime sector.
- Insikt Group believes the targeting of these organisations poses significant concerns over potential pre-positioning of network access to support Chinese strategic objectives.
- RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups.
- The computer network operations (CNO) targeting of strategically important organisations in India from Chinese groups will likely continue in 2021, as the nation continues to exert influence over countries that are within the sphere of their Belt and Road Initiative (BRI) investment programme.
Further, Dr Chirstopher Ahlberg, CEO and Co-Founder, Recorded Future has, as per the press releases shared by PRNewswire, said that the impact of a targeted cyber-attack on the critical infrastructure of a country has the potential to be “catastrophic,” with long-term consequences.
“We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organisation and across a nation.”Dr Chirstopher Ahlberg, CEO and Co-Founder, Recorded Future
A WARNING FOR INDIA?
As per the study, from mid-2020, “Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India's power sector.”
The report also said that 10 power sector organisations in India, including four of the five regional load dispatch centres responsible for the operation of the power grid, have been found to be targets in a coordinated campaign against India's critical infrastructure.
Other targets identified include two Indian seaports, said the report.
Retired Lt Gen DS Hooda, a cyber-expert who oversaw India’s borders with Pakistan and China, reportedly told The New York Times:
“I think the signaling is being done (by China to indicate) that we can and we have the capability to do this in times of a crisis.”
Lt Gen Hooda also told The New York Times that the cyberattack was like a “warning” to India to show that they were capable of doing so.
Further, the publication points out, that cyber attacks are less devastating than nuclear attacks, and give China a “strategic and psychological edge.”
Also, as per The New York Times, Russia has been a pioneering such attacks, causing power outages in Ukraine twice.
United States has participated in “similar signalling” against Russia as well.
Pointing out that media reports had previously drawn connections between the power outage in Mumbai from October 2020 and malware at a Padgha-based State Load Despatch Centre, Recorded Future, in its study said:
“At this time, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated. However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Load Despatch Centres.”
WHAT HAVE OFFICIALS SAID?
According to PTI, the Ministry of Power on Monday said there is no impact on operations of Power System Operation Corporation (POSOCO) due to any malware attack, adding that prompt actions are taken on advisories issued against such threats.
While the ministry did not overtly mention Mumbai in its statement, it appeared to be responding to the findings of the study.
"There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents,” the ministry said.
The ministry further said, "Prompt actions are being taken by the CISOs (chief information security officers) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans and the likes."
Meanwhile, PTI reported that responding to the allegation by the study, Chinese Foreign Ministry spokesman Wang Wenbin on Monday said it is “irresponsible and ill-intentioned” to make allegations without proof.
(With inputs from ANI, PTI, The New York Times, PRNewswire.)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)