Chinese State-Supported Actors Target India’s Power Grid

• Chinese hackers are systematically targeting key power grid units in India, creating disruption when needed.
• The hackers have been engaging in this activity for over a year now, and it seems to be a very specific group of actors.
• India has a widespread problem with state-supported actors, and it won’t be easy to clean and protect all its crucial systems now.

The ongoing hostilities between India and China also extend to the cyber-space, and it appears that India isn’t exactly ready to thwart what comes from the other side of the Himalayas. According to a Recorded Future report, Chinese state-supported hackers have spent a full year targeting a significant part of India’s power sector, including ten individual power sector organizations.

All of these units are critical for the operational aspect of the country’s power grid, as they balance supply and demand. The targets include high-voltage transmission substations, coal-based thermal power plants, and even seaports.

The hackers are reportedly using the ‘ShadowPad’ backdoor, which is a modular malware previously linked to the APT41 group (aka Barium). FireEye has also reported seeing this malware being deployed by Chinese hackers who had cyber-espionage motives. Due to specific quirks in the techniques, infrastructure tactics, and infection procedures, Recorded Future actually believes the attacks against India’s power grid are the work of a group called “RedEcho,” which shares many similarities and linkages with other state-supported actors from China but are distinct.

The researchers collected evidence of this activity since early 2020, using multiple data sources, tools, and techniques, so they could confirm that what they logged was a lengthy highly-sophisticated campaign and not just reconnaissance or small-scale attacks. The analysts also commend that the hacks’ purpose wasn’t to collect intelligence but to send strategic messages.

Whenever the tensions between the two countries heated up, the Chinese hackers moved to cut the power or introduce disruption in the grid, using their previously established presence in these networks. The New York Times reported on several occasions of this kind, so the facts add up.

Of course, the Recorded Future team has already informed the Indian government about its findings and shared advice on what to do to protect these crucial systems from hackers. Still, it’s up to them to take action and mitigate the associated risks as quickly as possible.

For that to happen, first, they’ll have to uproot the presence of the Chinese hackers, which means finding and removing all malware and backdoors from intricate networks and systems. For countries of India’s operational size, and at the point that its IT advancement stands right now, that’s easier said than done.