New Delhi: Suspected state-sponsored Chinese hackers have targeted the power sector in India in recent months as part of an apparent cyber-espionage campaign, the threat intelligence firm Recorded Future Inc. said in a report published on Wednesday.
The hackers focused on at least seven “load dispatch” centres in northern India that are responsible for carrying out real-time operations for grid control and electricity dispersal in the areas they are located, near the disputed India-China border in Ladakh, the report said. One of the load dispatch centres previously was the target of another hacking group, RedEcho, which Recorded Future has said shares “strong overlaps” with a hacking group that the US has tied to the Chinese government.
“In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh,” the group said.
In addition, the hackers compromised an Indian national emergency response system and a subsidiary of a multinational logistics company, according to the report.
The hacking group, dubbed TAG-38, has used a kind of malicious software called ShadowPad, which was previously associated with China’s People’s Liberation Army and the Ministry of State Security, according to Recorded Future. Researchers didn’t identify the victims by name.
Jonathan Condra, a senior manager at Recorded Future, said the method the attackers used to make the intrusions — using compromised internet of things devices and cameras — was unusual. The devices used to launch the intrusions were based in South Korea and Taiwan, he said.
The Chinese Ministry for Foreign Affairs didn’t respond to a request for comment by press time. Beijing has consistently denied involvement in malicious cyber activity. Indian authorities also didn’t respond to a request for comment.