Thursday 26 May 2022

Chinese espionage in India: How power grid was compromised

IP cameras, often used in CCTV, and internet-operated DVR devices were probably compromised in the Chinese operation that coincided with the Galwan Valley clash between India and China


An American cyber security firm has claimed that Chinese government-linked cyber groups targeted at least seven Indian State Load Dispatch Centres (SLDCs) in northern India in a massive cyber-espionage operation. These power nodes are responsible for executing real-time operations for grid control and electricity dispatch in northern India, said Recorded Future, a privately held US cybersecurity company founded in 2009.

The researchers noted that the Chinese operators concentrated geographically on northern India, “in proximity to the disputed India-China border in Ladakh”, although the firm did not identify the precise locations. A map of targeted power infrastructure released by Recorded Future illustrated rough locations concentrated in northern India.

One of the backdoor tools used in the operation, ShadowPad, is known to have originated from contractors of the Chinese Ministry of State Security (MSS). The tool is believed to be closely associated with China’s People’s Liberation Army (PLA). Incidentally, these backdoor operations took place after the border disengagement between the Indian and Chinese armed forces began in February 2021.

A detailed report published by Recorded Future notes that the attack was likely an operation to establish backdoor access and collect information on India’s power infrastructure for future operations. However, it did not mention any immediate incident of blackout. “These assets offer minimal value as economic espionage or other traditional intelligence targets, which led us to assess a likely goal of pre-positioning network access to support Chinese strategic objectives”, said Insikt Group, Recorded Future’s threat research division.

According to a statement released by the company, the group comprises analysts and security researchers with deep government, law enforcement, military and intelligence agency experience. Although an earlier wave of attacks by another Chinese group was reported in February 2021, the recent cyber-espionage operations have remained active for the past several months. Based on available information, the resources deployed in the operations are estimated to have remained active from 27 August 2021 to 15 March 2022.

An Indian subsidiary of a multinational logistics company and a national emergency response system were also targeted in these attacks.

The researchers did not find technical evidence attributing the cyberattacks to the previously identified Chinese RedEcho group and hence categorised the latest activity under the temporary group name Threat Activity Group 38 (TAG-38).

Chinese spies used cameras, DVR

Internet Protocol (IP) cameras, often used in closed-circuit television (CCTV) networks, and internet-operated digital video recorder (DVR) devices were probably compromised in the Chinese operation. These third-party digital cameras and DVRs are often inadequately secured.

The American researchers say that the command-and-control infrastructure in the ‘prolonged targeting’ mostly consisted of compromised internet-facing, third-party DVR and IP camera devices. The command-and-control servers associated with compromised DVRs and IP cameras were mostly geolocated in Taiwan or South Korea.

Security experts advise stronger measures, including monitoring outbound traffic for connections to unusual servers when operating third-party IP cameras and DVR systems. “Ensure software and firmware associated with IoT devices, such as DVR/IP camera systems, are kept up to date. Always change any default passwords to a strong, complex password and turn on two-factor authentication (2FA) if available. Where possible, avoid exposing these devices directly to the internet,” Recorded Future said.
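The outbound-traffic monitoring recommended above can be applied to a camera VLAN's firewall logs. The following script is an added example, not code from the report or from Recorded Future: it assumes a constructed log format, a CCTV subnet of 192.168.50.0/24 and an allowlist of the NVR and gateway, flags every camera or DVR flow to a destination outside that set, and marks flows that repeat at near-constant intervals, the signature a periodic command-and-control check-in leaves behind.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall log for a CCTV VLAN (192.168.50.0/24), not from the report:
# camera .11 streams to the local NVR (.2) but also reaches an external host every 300 s.
SAMPLE_LOG = """\
2022-03-01T10:00:00Z src=192.168.50.11 dst=192.168.50.2 dport=554 proto=tcp
2022-03-01T10:00:05Z src=192.168.50.11 dst=203.0.113.45 dport=443 proto=tcp
2022-03-01T10:02:00Z src=192.168.50.12 dst=192.168.50.2 dport=554 proto=tcp
2022-03-01T10:03:00Z src=192.168.50.12 dst=192.168.50.1 dport=123 proto=udp
2022-03-01T10:05:05Z src=192.168.50.11 dst=203.0.113.45 dport=443 proto=tcp
2022-03-01T10:10:05Z src=192.168.50.11 dst=203.0.113.45 dport=443 proto=tcp
"""
CCTV_NET = ipaddress.ip_network("192.168.50.0/24")
# Assumed legitimate destinations for a camera/DVR: the NVR (.2) and the gateway for NTP (.1).
ALLOWED_DST = {"192.168.50.2", "192.168.50.1"}
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+)$")

def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            records.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return records

def unexpected_egress(records, net=CCTV_NET, allowed=ALLOWED_DST):
    """Outbound flows from the camera VLAN to hosts outside it and off the allowlist,
    grouped as {(src, dst, dport): [timestamps]}."""
    flows = defaultdict(list)
    for ts, src, dst, dport in records:
        if ipaddress.ip_address(src) in net and dst not in allowed \
                and ipaddress.ip_address(dst) not in net:
            flows[(src, dst, dport)].append(ts)
    return dict(flows)

def looks_like_beacon(timestamps, min_count=3, max_jitter=0.1):
    """True when a flow repeats at near-constant intervals (relative jitter <= max_jitter),
    the pattern a periodic command-and-control check-in leaves in egress logs."""
    if len(timestamps) < min_count:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter
```

Running `unexpected_egress(parse_log(SAMPLE_LOG))` on the constructed log flags only camera .11's port-443 flow to 203.0.113.45, and `looks_like_beacon` marks it because the three connections are exactly 300 seconds apart.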

Tensions between India and China escalated after the Galwan Valley clash in 2020. The eastern Ladakh border standoff between the Indian and Chinese militaries erupted on 5 May 2020, following a violent clash in the Pangong Tso Lake area.

Following the incident, both sides gradually enhanced their deployment by rushing in tens of thousands of soldiers as well as heavy weaponry, resulting in increased tensions at the friction points.

Several rounds of military-level talks were held to de-escalate tensions between the two countries. Later, in February 2021, Defence Minister Rajnath Singh said that sustained talks with China had led to an agreement on disengagement on the north and south banks of the Pangong Lake.

During the recently held 15th round of talks, India pressed for early disengagement of troops in remaining friction points, including resolution of pending issues in Depsang Bulge and Demchok.

On 25 March, National Security Advisor Ajit Doval and Chinese Foreign Minister Wang Yi discussed the possibility of complete disengagement of Indian and Chinese troops along the borders between the two nations.

A study suggested that the Mumbai power outage in 2022, said to be the worst power failure in decades, might be linked to the India-China border tensions. The report said that the massive Mumbai power outage may have been the result of a Chinese cyber attack intended to signal to India not to press too hard.

The report cited by The New York Times said that while Indian and Chinese soldiers were locked in a face-off, China was injecting malware into the control systems responsible for electricity supply across India. Notably, this was not the first report to hint at a Chinese cyberattack behind the Mumbai power outage.

Earlier reports by India Today said that the Maharashtra cyber department suspected that a malware attack could be behind the power outage. The primary cause of the outage was said to be tripping at the Padgha-based load despatch centre in Thane district.
