India thwarted China's cyber attacks on power sector

China carried out cyber attacks on Indian power and ports sectors when troops were engaged at the borders along the Line of Actual Control but there was no impact on critical infrastructure sources in the power ministry said on MondayThe ministry carried out a study ChinaLinked group Red Echo targets the Indian power sector amid heightened border tensions carried out by Recorded Futures Insikt Group and released on Monday which came to the conclusion that there were cyber attacks but nothing happened to critical infrastructureThe report stated that in total 21 IP addresses resolving to 10 distinct Indian organisations in the power generation and transmission sector were targeted with a further two organisations in the maritime sector They were targeted through a malware called Shadow PadAll 12 organizations qualify as critical infrastructure as per the Indian National Critical Information Infrastructure Protection Centre NCIIPC definitionWithin Indias power sector Red Echo conducted suspected network intrusions targeting at least 4 out of the countrys 5 Regional Load Despatch Centres RLDCs alongside 2 State Load Despatch Centres SLDCs the report stated RLDCs and SLDCs are responsible for ensuring realtime integrated operation of Indias power grid through balancing electricity supply and demand to maintain a stable grid frequencyThe report also talks about the October 2020 power outage in Mumbai links to a malware attack at a Padghabased State Load Despatch Centre However the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated in the studyOther Red Echo intrusions within the Indian power sector included the targeting of a highvoltage transmission substation and a coalfired thermal power plant The targeting of these critical power assets offer limited economic espionage opportunities but pose significant concerns over potential prepositioning of network access to support other Chinese strategic objectives the report statedReacting to the reports finding power ministry sources said that a system of monitoring and analysis of cyber activities is already in place at all RLDCs amp NLDC operated by the Power System Operation Corporation POSOCOFurther sources said that the ministry received an email from the Indian Computer Emergency Response Team CERTIn on November 19 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO Accordingly action has been taken to address these threatsSubsequently NCIIPC informed through a mail dated February 12 2021 about the threat by Red Echo through a malware called Shadow PadSources in the ministry said the report of Insikt referring to the threat actors were already informed to them by CERTin and NCIIPCAfter the ministry came to know about the threats all IPs and domains listed in the NCIIPC mail were blocked in the firewall at all control centresLog of firewall is being monitored for any connection attempt towards the listed IPs and domains Additionally all systems in control centres were scanned and cleaned by antivirus the sources in the ministry saidThe IPs mentioned in the Red Echo related advisory are matching with those given in Shadow padObservations from all RLDCs amp NLDC shows that there is no communication and data transfer taking place to the IPs mentioned There is no impact on any of the functionalities carried out by POSOCO due to the referred threat No data breachdata loss has been detected due to these incidents the ministry had notedPrompt action is being taken by the chief information security officers at all these control centres under operation by POSOCO for any incident or advisory received from various agencies like CERTin NCIIPC CERTTrans and othersThis story has been sourced from a third party syndicated feed agencies Midday accepts no responsibility or liability for its dependability trustworthiness reliability and data of the text Midday managementmiddaycom reserves the sole right to alter delete or remove without notice the content in its absolute discretion for any reason whatsoever