Published 20:21 IST, March 1st 2021
US report states Chinese cyber group behind Mumbai grid failure; Centre confirms attack
US-based company Recorded Future issued a report on Monday stating that a Chinese government-linked group of hackers had targeted India's power grid
In a massive revelation, Massachusetts-based company Recorded Future issued a report on Monday stating that a Chinese government-linked group of hackers had targeted India's power grid, possibly leading to the Mumbai power outage in October 2020. The report identified the China-linked threat activity group RedEcho as allegedly being behind the attack, amid Indo-China border tensions. The Maharashtra Cyber Team has submitted a report to Home Minister Anil Deshmukh about the 'attack on the state's power grid'.
China Cyberattack behind Mumbai powercut?
"When the power went out in Mumbai, I had said that there was something wrong and had constituted 3 committees to probe. I feel media reports that have surfaced are true. Cyber cell has submitted a report on this to Home Minister Deshmukh," said Maharashtra Energy Minister Nitin Raut.
US report on cyber attack
Recorded Future identified that ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres, and two Indian seaports were targets in a concerted campaign by the Chinese group. RedEcho reportedly has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups. These groups' online activities had raised concerns of pre-positioning on energy assets to support Chinese strategic objectives such as geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, stated the report.
Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure and the targeting of multiple Indian government, public sector and defence organisations from at least May 2020. PlugX has been heavily used in alleged Chinese cyber espionage activity. In response to the allegation, Chinese Foreign Ministry spokesman Wang Wenbin on Monday rejected the criticism, saying it is irresponsible and ill-intentioned to make allegations without proof.
"China is a staunch upholder of cybersecurity. We firmly oppose and fight any kind of cyber-attacks," he said, replying to a question on the report of the cyber-attack on the Indian power grid.
India's response to attack
In response to the US report, the Union Power Ministry acknowledged the attack on India's power grid by a Chinese cyber group. The government stated that all IPs and domains listed in the NCIIPC mail were blocked at the firewall, and that all systems in control centres were scanned and cleaned by antivirus. On October 12, Mumbai faced a power grid failure after the tripping of MSETCL's 400 KV transmission system at Kalwa, leading to the failure of Tata Power's network.
"An email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. NCIIPC informed through mail on Feb 12 about threat by Red Echo through malware Shadow Pad that 'Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector's Regional Load Dispatch Centres along with State Load Dispatch Centres'. All IPs & domains listed in NCIIPC mail have been blocked in firewall at all control centres. Log of firewall is being monitored for any connection attempt towards listed IPs & domains. Additionally, all systems in control centres were scanned & cleaned by antivirus," said the Power Ministry in a statement.
Mumbai's power failure
On February 12, many parts of Mumbai experienced an electricity failure due to the tripping of MSETCL's 400 KV transmission system at Kalwa, which supplies Mumbai and adjoining areas, stated Tata Power. The private power entity explained that MSETCL had taken an emergency shutdown for 400 KV Kalwa-Padghe line-1 to restore a fault and failed to revive it, leading to the tripping of 400kV Kalwa-Padghe-2 carrying 633 MW and a load drop in the Mumbai system. While Mumbai's power grid is equipped with an 'islanding system', it could not hold as an additional 900MW load dropped, leading to complete failure.
The power outage affected local train services, operating only for essential workers at that time. Later, power supply was restored from noon onwards using Tata Power's 3 Hydro units and Trombay gas and coal units. Maharashtra Chief Minister Uddhav Thackeray took serious cognisance of the power outage in the Mumbai Metropolitan Region (MMR) and ordered an immediate probe into it, constituting a four-member committee.
Updated 20:38 IST, March 1st 2021