A new study says that the Mumbai power outage last year, described as the worst power failure in decades, may be linked to the India and China border tensions. The report adds that the massive Mumbai power outage may have been the result of a Chinese cyber attack. This could have been Beijing's attempt to warn India to stop resisting the PLA incursion in eastern Ladakh, the study suggests.
The report cited by The New York Times claims that while Indian and Chinese soldiers were locked in a faceoff at the border, malware was injected into the control systems responsible for electricity supply across India. This is not the first report to hint at a Chinese cyber attack behind the Mumbai power outage. On 12 October last year, Mumbai faced a massive power outage that began at 10 AM and lasted a few hours; the issue was resolved by noon.
In November, the media reported that a preliminary probe by the Maharashtra cyber department had traced malware introduced at the Padgha-based state load despatch centre.
The NYT report says that Recorded Future, a cyber security company founded in 2009 and headquartered in Somerville, Massachusetts, carried out the malware tracing. The company claims that most of the malware was never activated, which may mean that only a small proportion of it caused the Mumbai power outage.
However, the report adds that the cybersecurity company could not examine the code itself because of restrictions that kept it from getting inside India's power systems. The report says the company notified the Indian authorities.
The company has named the Chinese state-sponsored group RedEcho as the group most likely to have caused the Mumbai power outage.
The report quotes Stuart Solomon, chief operating officer of Recorded Future, who said that RedEcho "has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure."
In a blog published by Recorded Future, the company has put down its observations about targeted intrusion activity against Indian authorities. “Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organizations from Chinese state-sponsored groups. From mid-2020 onwards, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India’s power sector. 10 distinct Indian power sector organizations, including 4 of the 5 Regional Load Despatch Centres (RLDC) responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified included 2 Indian seaports,” the company said.
The cybersecurity company does point out that, despite some overlaps with previously known groups, there is not enough evidence to attribute the Mumbai power outage to an existing hacker group. It will, however, "continue to track it as a closely related but distinct activity group, RedEcho."
The cybersecurity company says it has sent its findings to the Indian Computer Emergency Response Team (CERT-In) within the Ministry of Electronics and Information Technology of the Government of India. It adds that the government has acknowledged receipt twice, though there has been no confirmation that the code that infected the power grid has any links with Chinese hackers.