NEW DELHI: A stitch in time saved India a major power outage and disruption in economic activities. Government insiders said additional safeguards were deployed as early as November to protect the national power grid from hacking, possibly by Chinese state-backed hackers.
A New York Times report on Sunday cited a study by Recorded Future, a Massachusetts-based outfit that studies the use of the internet by state actors, to raise the suspicion that Chinese state-backed hackers may have caused the October 12 power outage in Mumbai as a warning against strong Indian pushback against the PLA’s border transgressions in Ladakh. The report, however, said the study did not have sufficient evidence to substantiate this suspicion.
Government insiders said India’s cybersecurity agency CERT-In (Indian Computer Emergency Response Team) had in November detected ShadowPad malware, one of the largest supply chain attacks. The national grid operator and its regional units were alerted on November 19 about the malware and threats of other attempts at hacking.
On February 12, another government cybersecurity agency, NCIIPC (National Critical Information Infrastructure Protection Centre) rang the alarm bell over Red Echo, a Chinese state-sponsored actor group, trying to break into the grid control systems. It said the IPs in both ShadowPad and Red Echo instances match. The agency sent out a list of the ‘hot’ IPs and domains.
Between these two alerts, IT groups with the grid activated additional safety protocols. All IPs and domains listed by NCIIPC were blocked in the firewalls at all control centres. A closer watch is being maintained on firewall logs at all control centres. Additionally, all systems in control centres were scanned and cleaned by antivirus.
Reports from grid controllers said there was no impact on any operation and there was no data breach or loss.
Meanwhile, Chinese foreign ministry spokesperson Wang Wenbin on Monday said it was “highly irresponsible” to accuse a particular party when there is no sufficient evidence. “China firmly opposes and cracks down on all forms of cyberattacks. Speculation and fabrication have no role to play on the issue of cyberattacks, as it is very difficult to trace the origin of a cyberattack.”