India thwarted China’s cyber attacks on power sector

New Delhi: China carried out cyber attacks on Indian power and ports sectors when troops were engaged at the borders along the Line of Actual Control but there was “no impact” on critical infrastructure, sources in the Power Ministry said on Monday.
The ministry carried out a study, "China-Linked group Red Echo targets the Indian power sector amid heightened border tensions", by Recorded Future’s Insikt Group and released on Monday, which concluded that there were cyber attacks but that nothing happened to critical infrastructure.
The report stated that in total, 21 IP addresses resolving to 10 distinct Indian organisations in the power generation and transmission sector were targeted, with a further two organisations in the maritime sector. They were targeted through a malware called Shadow Pad.
All 12 organisations qualify as critical infrastructure, as per the Indian National Critical Information Infrastructure Protection Centre (NCIIPC) definition.
“Within India’s power sector, Red Echo conducted suspected network intrusions targeting at least 4 out of the country’s 5 Regional Load Despatch Centres (RLDCs), alongside 2 State Load Despatch Centres (SLDCs),” the report stated. RLDCs and SLDCs are responsible for ensuring real-time integrated operation of India’s power grid through balancing electricity supply and demand to maintain a stable grid frequency.
The report also talks about the October 2020 power outage in Mumbai and its links to a malware attack at a Padgha-based State Load Despatch Centre. However, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated in the study.
Other Red Echo intrusions within the Indian power sector included the targeting of a high-voltage transmission substation and a coal-fired thermal power plant. “The targeting of these critical power assets offers limited economic espionage opportunities, but poses significant concerns over potential pre-positioning of network access to support other Chinese strategic objectives,” the report stated.
Reacting to the report’s finding, Power Ministry sources said that a system of monitoring and analysis of cyber activities is already in place at all RLDCs & NLDC, operated by the Power System Operation Corporation (POSOCO).
Further, sources said that the ministry received an email from the Indian Computer Emergency Response Team (CERT-In) on November 19, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action has been taken to address these threats.
Subsequently, NCIIPC informed the ministry through a mail dated February 12, 2021 about the threat from Red Echo through a malware called Shadow Pad. Sources in the ministry said the threat actors referred to in the Insikt report had already been reported to them by CERT-In and NCIIPC.
After the ministry came to know about the threats, all IPs and domains listed in the NCIIPC mail were blocked in the firewall at all control centres.
