New Delhi: Four months back, Chinese and Indian troops became entangled in a surprise border battle in the remote Galwan Valley, fighting each other to the death with rocks and clubs. Around the same time, more than 1,500 miles away in Mumbai, the power went out in a city of 20 million people, inflicting a heavy loss on the city’s economy as it forced the stock market to close.
The situation worsened with the coronavirus outbreak, as hospitals had to switch to emergency generators to keep ventilators running.
All these adversities unfolded without anyone suspecting China’s role in them. However, someone grew curious about these events and, after extensive study, concluded that the two were connected, as part of a broad Chinese cyber campaign against India’s power grid, aimed at warning India that if it pressed its claims too hard, the lights could go out across the country.
The pieces were put together by Recorded Future, a Somerville, Massachusetts, company that studies the use of the internet by state actors. As per its report, while the troops of the two Asian superpowers were bashing each other to death in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the Indian control systems that manage electric supply across the country, along with a high-voltage transmission substation and a coal-fired power plant.
The study found that most of the malware was never activated. Because Recorded Future could not get inside India’s power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country. The company has notified the concerned Indian authorities, but they are refraining from reporting what they have found.
As per the chief operating officer at Recorded Future, Stuart Solomon, the Chinese state-sponsored group, which the firm named Red Echo, “has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.”
The new findings have raised the question of whether the October 13 power outage in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.
Meanwhile, Indian officials were also reported as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center. After these claims, authorities also launched a formal investigation, which is due to report in the coming weeks. Since then, however, Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout, and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.
However, the Chinese government, which has not yet responded to questions about the code in the Indian grid, could argue that India started the cyberaggression. Recently, around late February, a patchwork of state-backed Indian hackers was caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan. Following that, a Chinese security company, 360 Security Technology, accused India of using state-backed hackers to target hospitals and medical research organizations with phishing emails in an espionage campaign.
The investigators who wrote the Recorded Future study said that “the alleged link between the outage and the discovery of the unspecified malware” in the system “remains unsubstantiated.” However, they noted that “additional evidence suggested the coordinated targeting of the Indian load dispatch centers,” which balance the electrical demands across the country. The Recorded Future report is set to be published on Monday.
Talking about the newest form of both aggression and deterrence, the retired Lt. Gen. D.S. Hooda, who has been a cyber expert and oversaw India’s borders with Pakistan and China, said, “I think the signaling is being done” by China to indicate “that we can and we have the capability to do this in times of a crisis,” adding, “It’s like sending a warning to India that this capability exists with us.”
A similar, conspicuous placement of malware in an adversary’s electric grid had also been signaled by the United States after its Department of Homeland Security announced publicly that the American power grid was littered with code inserted by Russian hackers. The United States put code into Russia’s grid in a warning to President Vladimir Putin.