China’s Hackers: After a report from a US-based cyber security firm claimed that Chinese State-sponsored actors have targeted seven power grid assets, the national emergency response system, and an Indian subsidiary of a multinational logistics company since September 2021, the Union government has confirmed that Chinese hackers continue to target Indian power plants, particularly those close to the Line of Actual Control (LAC).
At least two hacking efforts by Chinese hackers on energy distribution hubs in Ladakh were unsuccessful, according to Minister of Power R.K. Singh. “We’ve already reinforced our defense system to counter such cyberattacks,” he said, without specifying if the hackers in question were connected to the Chinese government.
According to the MEA, there is currently no information available
When asked if the identified attacks had been reported to China, Ministry of External Affairs (MEA) spokesperson Arindam Bagchi said the MEA didn’t have any information at the moment but expressed confidence that India’s “vital infrastructure” has enough safeguards.
In a report released on April 6, security firm Recorded Future stated that “likely network intrusions targeting at least 7 Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective States” had been observed in recent months.
It was noted that the SLDCs targeted were concentrated geographically, with the detected SLDCs being located in North India, near the India-China border in Ladakh. Since April 2020, India and China have been locked in a standoff at various sites along the unmarked LAC in eastern Ladakh.
The company said it was temporarily grouping the activity under the moniker Threat Activity Group-38 (TAG-38). “We’ve seen TAG-38 intrusions targeting the mentioned victim organizations since at least September 2021. The group exploited the open-source tool Fast Reverse Proxy (FRP) and likely compromised infrastructure for command and control of ShadowPad implants used to target the specified networks.”
TAG-38 most likely hacked and co-opted Internet-facing DVR/IP camera equipment as command and control (C2) infrastructure for the ShadowPad malware and FRP.
Economic espionage is limited
Long-term targeting of Indian power grid assets by China’s State-linked entities, according to the report, provided limited prospects for economic espionage or traditional intelligence gathering. “We feel this targeting is more likely to be used to obtain information about key infrastructure systems or to set the stage for future operations.” Intrusions could be used to “get a better understanding of these complex systems in order to allow capacity development for future use or to gain sufficient access across the system in preparation for future contingency operations,” according to the report.
This isn’t the first time that Recorded Future has detected such cyber-attacks. In March 2021, the Massachusetts-based firm reported an uptick in malware targeting the government, defense groups, and the public sector in the run-up to the Galwan skirmishes on June 15, 2020, in which 20 Indian soldiers were killed. The breaches by Red Echo, a Chinese state-sponsored group, began in May 2020 and continued throughout the year, according to that report. While attempts to penetrate systems were made, the power sector was not affected, according to the Power Ministry. Maharashtra’s Electricity Minister, Nitin Raut, said on March 3, 2021, that a State Cyber Cell investigation had discovered “14 Trojan horses on the servers” of the Maharashtra State Electricity Transmission Company, which had the ability to interrupt power delivery.
Oppose hacking: China
“We have acknowledged the relevant reports,” China’s Foreign Ministry spokesperson Zhao Lijian said in response to Recorded Future’s recent report. “We vehemently oppose and call for a crackdown on all sorts of hacker activity, as I have stated numerous times. Such behavior will never be encouraged, supported, or condoned by us.”
He added that cyberspace had the feature of being virtual and having a large number of players and that there should be enough proof to designate relevant situations. “Doing so necessitates a great deal of caution. The United States, as everyone knows, is the world’s hacking empire. It has initiated the greatest number of hacking activities around the globe. I’m trying to persuade the relevant institution you stated that, if it truly cares about cybersecurity, it should pay greater attention to the US attacks on Chinese firms and institutions. Instead of slinging mud at China, they should do something more helpful, which is to foster conversation and collaboration among countries.”