A long power-cut in India’s financial capital, Mumbai, in 2020 has been making headlines again after a new study claimed Chinese hackers helped take the electricity out—and could do it again.
The day-long power cut, which took place in October, as India and China remained in a months-long standoff along the Line of Actual Control in eastern Ladakh, was alleged to have been a warning from China to India not to provoke it any further.
Responding to the US company’s study, the Maharashtra government confirmed that the massive power outage was an act of sabotage, with Energy Minister Nitin Raut citing “preliminary information” to make the claim.
Now, China’s foreign ministry spokesperson has responded to the claims, calling them “speculation and fabrication”.
“As a staunch defender of cyber security, China firmly opposes and cracks down on all forms of cyber attacks,” spokesperson Wang Wenbin said in response to a question from Reuters.
“Speculation and fabrication have no role to play on the issue of cyber attacks, as it is very difficult to trace the origin of a cyber attack. It is highly irresponsible to accuse a particular party when there is no sufficient evidence around. China is firmly opposed to such irresponsible and ill-intentioned practice,” he added.
In its report, Recorded Future said it had notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within the impacted organisations.
Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.
The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.
According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.
Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.
Other targets identified included two Indian seaports, it said, adding the targeting of Indian critical infrastructure offers limited economic espionage opportunities.
However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives.
Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, it said.
RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.
Recorded Future said that, in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.
The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.
While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.
Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups, it said.
Recorded Future also alleged that it observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.
Interacting with media persons outside the Vidhan Bhavan in Mumbai on Monday, Raut said the state government, the Maharashtra Electricity Regulatory Commission (MERC) and the Central Electricity Authority had set up separate committees to probe the cause of the power outage and their reports have been received.
"We had then complained to the cyber cell and their report is awaited. But the preliminary information I have, there definitely was a cyber attack and it was a sabotage," he said.
With inputs from PTI