A new study suggests that last year’s blackout in Mumbai, described as the worst in decades, may be linked to tensions on the India-China border. The report adds that the massive power outage in Mumbai could have been the result of a Chinese cyber attack intended as a warning to India not to push too hard.
The report, cited by the New York Times, claims the malware was planted in the control systems that distribute electricity across India while Indian and Chinese soldiers faced off at the border. Notably, this is not the first report to point to a Chinese cyber attack as the cause of the Mumbai power outage.
Last November, India Today reported that Maharashtra’s cyber department suspected a malware attack could be behind the blackout. The blackout was allegedly triggered at the cargo shipping center in Padgha, in the Thane district.
On October 12th last year, Mumbai faced a massive power outage that began at 10 a.m. and lasted a few hours; power was restored by noon.
In November, India Today reported that in its initial investigation, Maharashtra’s cyber department had traced the introduction of malware at the state cargo shipping center in Padgha.
According to the NYT report, the malware was tracked by Recorded Future, a cybersecurity company founded in 2009 and headquartered in Somerville, Massachusetts. The company says most of the malware was never activated, which may mean that only a small portion of it caused the Mumbai power outage. The report adds, however, that the company was unable to examine the code itself, because it had no access to India’s power systems. The report says the company notified the Indian authorities.
The company attributes the activity to a state-sponsored Chinese group it has named RedEcho, which it considers the most likely culprit for the Mumbai power outage.
The report quotes Stuart Solomon, Chief Operating Officer of Recorded Future, who said RedEcho “systematically used advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes in India’s power generation and transmission infrastructure.”
In a blog post published by Recorded Future, the company set out its observations on targeted attacks against Indian organizations. “Since the beginning of 2020, Recorded Future’s Insikt Group has seen a sharp increase in suspected targeted intruder activities against Indian organizations by government-sponsored Chinese groups. As of mid-2020, Recorded Future’s Midpoint Collection showed a sharp increase in the use of the infrastructure recorded as AXIOMATICASYMPTOTE, which includes ShadowPad Command and Control (C2) servers, to target a large part of the Indian energy sector. 10 different Indian energy sector organizations, including 4 of the 5 Regional Load Despatch Centers (RLDC) responsible for running the power grid by balancing the supply and demand for electricity, were identified as targets in a concerted campaign against India’s critical infrastructure. Other identified targets were two Indian seaports,” the company said.
The cybersecurity firm points out that, despite some overlap with previously known groups, there is not enough evidence to attribute the Mumbai power outage to an existing hacking group. Instead, the activity “continues to be tracked as a closely related but distinct activity group, RedEcho”.
The company has sent its findings to the Indian Computer Emergency Response Team (CERT-In) of the Indian Ministry of Electronics and Information Technology. It adds that the government has confirmed receipt twice, although there is no confirmation that the code found on the power grid is linked to hackers from China.