Acknowledging the rising Chinese threat, the Indian government told the Parliament Standing Committee on Information Technology that the country has robust cybersecurity mechanisms in place and it is well prepared to counter and thwart any Chinese attacks.
The government said that it has the cutting-edge technology, standard operating procedures, and processes to tackle such scenarios in a response to questions about the recent Mumbai power outage to a Chinese state-backed firm.
On February 28, the US-based cybersecurity firm “Recorded Future” published a report saying it had observed a “steep rise” in the use of resources like malware by a Chinese group called Red Echo to target “a large swathe” of India’s power sector. The report had attributed to the infiltration of Chinese state-backed hackers in at least ten electricity assets owned by NTPC and POSCO.
It said ten distinct Indian power sector organisations were targeted, including four Regional Load Despatch Centres (RLDCs) that are responsible for the smooth operation of the country’s power grid by balancing the supply and demand of electricity.
Red Echo used malware called ShadowPad, which involves the use of a backdoor to access servers. The Ministry of Power on Monday confirmed these attempts, stating it had been informed in November 2020 about the ShadowPad malware “at some control centres” of the Power System Operation Corporation Ltd (POSOCO), the government enterprise in charge of facilitating the transfer of electricity through load despatch centres.
It had said “no data breach/data loss” had been detected due to the incidents and that none of POSOCO’s functions had been impacted. The government said it had taken action against the threats observed.
“The attempts by the Red Echo group have been occurring since at least the middle of last year, around the time a bloody skirmish between Indian and Chinese soldiers took place along the Line of Actual Control (LAC) in eastern Ladakh,” Recorded Future said.
“As bilateral tensions continue to rise, we expect to see a continued increase in cyber operations being conducted by China-linked groups such as RedEcho in line with national strategic interests,” it added.
Recent cyber intrusions also crippled systems at banks and caused a glitch at the country’s premier National Stock Exchange.
Last year, evidence emerged of a Chinese government-linked company’s attempt to monitor the digital footprint of thousands of Indian citizens.
In November, the government was apprised of a malware threat in segments of its power infrastructure. Now, a cyber-intelligence firm claims another Chinese government-linked hacking group has targeted the makers of the two vaccines currently used in India’s COVID-19 vaccination programme.
The Goldman Sachs-backed cyber intelligence firm Cyfirma said a Chinese hacker group known as Stone Panda had “identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India”.
Some Indian companies involved in COVID-19 vaccine development have said that they have noticed a nearly hundred-fold increase in cyber-attack attempts by foreign entities from countries like China and Russia over the last six months.
India is working on a new national strategy to strengthen the country’s cyber-security amid China’s cyber eye, revealed Lt Gen Rajesh Pant, the country’s National Cyber Security Coordinator earlier in March.
Disclosing about the plan, he said it would coordinate responses across ministries including Home Affairs, Information Technology, Defence and the National Critical Information Infrastructure Protection Centre in case of an attack and set audit procedures in place.
“The new strategy will lay down protocols for prevention and audit to secure the government’s digitally connected water, health and education systems that are all being treated as critical infrastructure,” he said.