Massive Power Outage In Mumbai Last Year Linked To Chinese Hackers: Reports
A new study suggests that neighbouring China might have targeted the Indian power sector last year in the middle of hostilities at the India-China border in Ladakh.
The report, which has been shared with the government, says that the massive power outage in Mumbai last year, which stopped trains and shut down hospitals and the stock exchange for hours, might have been a planned activity by a China-linked threat activity group, RedEcho.
The report claims that it may be the result of a cyber attack from China in an attempt to send India a signal not to stretch the matter further.
Maharashtra Cyber, the nodal agency for state cybersecurity, analysed the incident and also concluded that this could be cyber sabotage. Maharashtra's Home Minister Anil Deshmukh informed ABP Live that there is evidence that 14 Trojans have been found.
Anil Deshmukh further mentioned that 8 GB of data has been transferred to unaccounted foreign addresses and that there was the possibility of login attempts. The state's Home Minister said some foreign attempt was made, but Maharashtra Cyber is still analysing which country it was from.
When Indian and Chinese soldiers were in a face-off along the Ladakh border, which escalated in June with the clash at Galwan Valley in which 20 Indian soldiers died, Chinese hackers may have planted malware in key power plants that manage power supply in India.
The links to the Mumbai outage highlighted in the report provide additional evidence suggesting the coordinated targeting of Indian Load Dispatch Centres.
Recorded Future, a US-based company that studies the use of the internet by state actors, reportedly pieced together the flow of malware and found that most of the malware was never activated.
As quoted in media reports, the study said, "From mid-2020, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India's power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure. Other targets identified include two Indian seaports."
The study also mentioned that a total of 21 IP addresses linked to 12 Indian power generation and transmission organisations were targeted.