NEW DELHI: India said on Monday that there was no impact on the operations of Power System Operation Corporation (POSOCO) due to a malware attack and that swift action was being taken following advisories against such threats.
A study by a US-based company had suggested that a group linked to China was targeting India’s power grid system through malware.
The government ministry, responding to the study’s findings, said: “There is no impact on any of the functionality performed by POSOCO due to the referred threat.”
While the study raised doubts that the massive power outage in Mumbai in October 2020 was the result of the online intrusion, the ministry did not mention the Mumbai outage in its statement.
The ministry further stated: “Prompt action is taken by the CISOs (Information Security Officers) in all these control centers operated by POSOCO for any incident / advice received from various agencies such as CERT-In, NCIIPC, CERT-Trans, etc.”
The Indian Computer Emergency Response Team (CERT-In) is the nodal agency for dealing with cybersecurity threats such as hacking and phishing.
The National Critical Information Infrastructure Protection Center (NCIIPC) is a national nodal agency for the protection of critical information infrastructure.
What does the Recorded Future study say?
A group of Chinese government-linked hackers has targeted India’s critical power grid system with malware, Massachusetts-based company Recorded Future said in its latest study.
Recorded Future, which studies the use of the internet by state actors, details in its recent report the campaign by China-linked threat activity group RedEcho targeting India’s electricity sector.
The activity was identified through a combination of large-scale automated analysis of network traffic and expert analysis.
Data sources include the Recorded Future platform, SecurityTrails, Spur, Farsight and common open source tools and techniques, the report says.
In response to the allegation, Chinese Foreign Ministry spokesman Wang Wenbin on Monday dismissed criticism of China’s involvement in hacking India’s power grid, saying it was “irresponsible and ill-intentioned” to make allegations without proof.
Further malware was reported in November; appropriate action taken: Ministry of Energy
According to its report, Recorded Future notified the relevant Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within affected organizations.
The ministry explained in its statement: “The IPs mentioned in the notice relating to Red Echo correspond to those given in Shadow Pad incidents already informed by CERT-In in November 2020. Observations of all RLDCs (Regional Load Dispatch Centers) and NLDC (National Load Dispatch Center) show that there is no communication and data transfer to the mentioned IPs.”
All IP addresses and domains listed in the NCIIPC mail have been blocked in the firewall of all control centers. The firewall log is monitored for any attempt to connect to the listed IP addresses and domains. In addition, all control center systems were scanned and cleaned by an antivirus, the ministry added.
Referring to a report by Insikt on the imminent threat of the China-based Red Echo group, the ministry said: “A system for monitoring and analyzing cyber activities is already in place in all RLDCs and NLDCs, operated by POSOCO. In addition, an e-mail was received from CERT-In on November 19, 2020 about the threat of a malware called Shadow Pad in some control centers of POSOCO. Accordingly, measures have been taken to counter these threats.”
It said that the NCIIPC subsequently gave notice, by a letter dated February 12, 2021, of the threat of Red Echo via malware called Shadow Pad.
It said: “The Chinese state-sponsored threat actor group known as Red Echo is targeting Regional Load Dispatch Centers (RLDCs) in the Indian power sector as well as State Load Dispatch Centers (SLDCs).”
Some IP addresses and domain names were mentioned. Insikt’s report also refers to threat actors already reported by CERT-In and NCIIPC, the ministry said.
October 2020 blackout could be cyber sabotage: Maharashtra minister
Contrary to the Energy Ministry’s statement, Maharashtra’s Interior Minister Anil Deshmukh said the massive power outage in Mumbai last October was an attempt at “cyber sabotage” according to a preliminary report.
Speaking to reporters in Mumbai, Deshmukh said Maharashtra Cyber Cell submitted a preliminary report which suggests that the network outage in Mumbai on October 12 last year was likely cyber sabotage.
The report was handed over to Maharashtra’s energy minister Nitin Raut, Deshmukh said.
China firmly cracks down on all forms of cyberattacks: Chinese Embassy in India
A statement from the Chinese Embassy said on Monday that the country does not support cyber attacks.
“China strongly opposes all forms of cyberattacks and firmly suppresses them. Speculation and manufacturing have no role to play in the issue of cyber attacks. It is highly irresponsible to blame any particular party without sufficient evidence,” said the Chinese embassy spokesperson.
(With contributions from agencies)