By Linus Garg
First publised on 2022-04-08 10:42:46
Recorded Future (RF), a Massachusetts-based cyber security firm has issued a report that says that a Chinese hacker group, which they called Threat Activity Group (TAG) 28, targeted Indian power grids in north India in the proximity of the Indo-China border in Ladakh for the last several months, including in March this year. It says the targets were 7 State Load Desptach Centres (SLDCs). TAG28 used a family of malware called ShadowPad. In February this year, RF had reported that another Chinese hacker group RedEcho had similarly targeted "10 distinct Indian power sector organizations, including 4 of the 5 Regional Load Despatch Centres (RLDC)" and two ports. It named the grids as Delhi SLDC, DTL Tikri Kalan substation, the Western RLDC, NTPC's power plant at Kudgi in Karnataka, Southern RLDC, the Telangana SLDC, and the Eastern and the North Eastern RLDCs as well. The two ports were Mumbai Port and the VOC Port at Tuticorin in Tamil Nadu. It said that this was going on since mid-2020. RF also said that these hacker groups are linked to the People's Liberation Army and the Chinese Ministry of State Security. The Chinese have, as per their standard practice, denied the allegations.
India, on the other hand, said it knew of these attacks and had put systems in place to foil the designs of the hackers. While MEA spokesman Arindam Bagchi said that "we have seen the reports. There is a mechanism in place so that our critical infrastructure remains resilient in such cases", Minister for Power and Renewable Energy R K Singh said that "our defence against cyber attack is strong. These were probing attacks in December, January and February. They did not succeed. But we are aware."
With the cyber attacks by Chinese state-sponsored players increasing in number and frequency, India has to be on guard. The outage in Mumbai in October 2020 is fresh in memory. It also needs to be remembered that these hackers had almost succeeded in blacking out a large part of Australia in November 2021. The attack was averted at the last moment. Though India has put strong protocols and anti-hacking tools in place, they need to be upgraded every day, if not more frequently, as the hackers keep developing newer Trojans and malwares that can penetrate systems that are not upgraded continuously.