According to a new study, Chinese state-sponsored groups have infiltrated the computer networks of at least a dozen Indian state-run organisations, primarily power utilities and load dispatch centres, in an attempt to insert malware that could cause widespread disruptions.
The study by Recorded Future, a US-based company that tracks the use of the internet by state actors for cyber-campaigns, lists among the targeted organisations NTPC Limited, the country’s largest power conglomerate; five key regional load dispatch centres, which help manage the national power grid by balancing electricity supply and demand; and two ports.
The operation appears to have started well before the Indian-Chinese troop clashes in May 2020.
The alleged intrusions by Chinese organisations, some with established links to China’s main intelligence and security agency, the Ministry of State Security (MSS), and the People’s Liberation Army (PLA), were not confined to the power sector, according to the paper. Moreover, there were obvious attempts to attack a range of government and defence organisations.
While Recorded Future was unable to say whether the Chinese groups’ malware caused any disturbances, the report did mention a major power outage in Mumbai on October 13, 2020, which was allegedly caused by malware inserted at a state load dispatch centre in Padgha.
According to The New York Times, Recorded Future reported its findings to India’s Computer Emergency Response Team (CERT-In), which acknowledged receipt of the details but did not state whether the malware had been detected in the targeted organisations.