The Union Ministry of Power on Monday brushed off a report linking the Mumbai power outage in October last year to a Chinese cyber attack.
On October 12, Mumbai witnessed massive power outages due to grid failure, hampering train services and hitting the stuttering economic activity hard.
In a statement, the power ministry said, "An email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action has been taken to address these threats."
"NCIIPC informed through mail on Feb 12 about threat by Red Echo through malware Shadow Pad that 'Chinese state-sponsored threat actor group known as Red Echo is targeting Indian Power sector's Regional Load Dispatch Centres along with State Load Dispatch Centres'," the ministry added.
The CERT-in (Indian Computer Emergency Response Team) is the nodal agency to deal with cyber security threats like hacking and phishing. The NCIIPC (National Critical Information Infrastructure Protection Centre (NCIIPC) is national nodal agency for critical information infrastructure protection.
A Chinese government-linked group of hackers targeted India's critical power grid system through malware, Recorded Future, a Massachusetts-based company, said in its latest study. Recorded Future, which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.
The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis. Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.
In response to the allegation, Chinese Foreign Ministry spokesman Wang Wenbin on Monday rejected the criticism about China's involvement in the hacking of India's power grid, saying it is "irresponsible and ill-intentioned" to make allegations without proof.
The Mumbai Power outage
On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.
It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.
In its report, Recorded Future notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations.
The ministry explained in its statement, "The IPs mentioned in Red Echo related advisory are matching with those given in Shadow pad Incidents already informed by CERT-in in the month of November,2020. Observations from all RLDCs (regional load dispatch centres) & NLDC (national load dispatch centre) shows that there is no communication & data transfer taking place to the IPs mentioned."
All IPs and domains listed in NCIIPC mail have been blocked in the firewall at all control centres. Log of firewall is being monitored for any connection attempt towards the listed IPs and domains. Additionally, all systems in control centres were scanned and cleaned by antivirus, the ministry added.
( Inputs from wires)