Published 20:38 IST, March 1st 2021
US report states Chinese cyber group behind Mumbai grid failure; Centre confirms attack
A US-based company 'Recorded Future' has issued a report on Monday, stating that a Chinese government-linked group of hackers had targeted India's power grid
In a massive revelation, a Massachusetts-based company 'Recorded Future' has issued a report on Monday, stating that a Chinese government-linked group of hackers had targeted India's power grid, possibly leading to the Mumbai power outage in October 2020. The report has identified that the China-linked threat activity group RedEcho was allegedly behind the attack, amid Indo-China border tensions. The Maharashtra Cyber Team has submitted a report to Home Minister Anil Deshmukh about 'attack on state's power grid'.
China Cyberattack behind Mumbai powercut?
"When the power went out in Mumbai, I had said that there was something wrong and had constituted 3 committees to probe. I feel the media reports that have surfaced are true. The Cyber cell has submitted a report on this to Home Minister Deshmukh," said Maharashtra Energy Minister Nitin Raut.
US report on cyber attack
Recorded Future identified that ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres, and two Indian seaports were targets in a concerted campaign by the Chinese group. RedEcho reportedly has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups. These groups' online activities had raised concerns of pre-positioning on energy assets to support Chinese strategic objectives like geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, stated the report.
Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure and the targeting of multiple Indian government public sector and defence organisations from at least May 2020. PlugX has been heavily used in alleged Chinese cyber espionage activity. In response to the allegation, Chinese Foreign Ministry spokesman Wang Wenbin on Monday rejected the criticism, saying it is irresponsible and ill-intentioned to make allegations without proof.
"China is a staunch upholder of cybersecurity. We firmly oppose and fight any kind of cyber-attacks," he said, replying to a question on the report of a cyber-attack on the Indian power grid.
India's response to attack
In response to the US report, the Union Power Ministry acknowledged the attack on India's power grid by a Chinese cyber group. The government stated that all IPs and domains listed on the national power grid were scanned and cleaned by antivirus. On October 12, Mumbai faced a power grid failure after the tripping of MSETCL's 400 KV transmission system at Kalwa, leading to the failure of Tata Power's network.
"An email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. NCIIPC informed through mail on Feb 12 about the threat by Red Echo through malware Shadow Pad that 'Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector's Regional Load Dispatch Centres along with State Load Dispatch Centres'. All IPs & domains listed in NCIIPC mail have been blocked in the firewall at all control centres. Log of firewall is being monitored for any connection attempt towards the listed IPs & domains. Additionally, all systems in control centres were scanned & cleaned by antivirus," said the Power Ministry in a statement.
Mumbai's power failure
On February 12, many parts of Mumbai experienced electricity failure due to the tripping of MSETCL's 400 KV transmission system at Kalwa, which supplies Mumbai and adjoining areas, stated Tata Power. The private power entity explained that MSETCL had taken an emergency shutdown of the 400 KV Kalwa-Padghe line-1 to restore a fault and failed to revive it, leading to the tripping of the 400kV Kalwa-Padghe-2 carrying 633 MW and a load drop in the Mumbai system. While Mumbai's power grid is equipped with an 'islanding system', it could not hold as an additional 900MW load dropped, leading to complete failure.
The power outage affected local train services, which were operating only for essential workers at that time. Later, power supply was restored from noon onwards using Tata Power's 3 Hydro units and Trombay gas and coal units. Maharashtra Chief Minister Uddhav Thackeray took serious cognisance of the power outage in the Mumbai Metropolitan Region (MMR) and ordered an immediate probe into it, constituting a four-member committee.
20:21 IST, March 1st 2021