India's power sector was targeted by suspected Chinese state-sponsored hackers in an espionage attempt, according to cyber security firm Recorded Future.
In recent months, the cyber security firm observed likely network intrusions targeting at least seven Indian state load dispatch centres, which are responsible for carrying out real-time operations for grid control and electricity dispatch within their respective states.
This targeting has been geographically concentrated, with the identified state load dispatch centres located in North India, in proximity to the India-China border in Ladakh, the report said.
In addition to the targeting of power grid assets, the hackers also attacked a national emergency response system and the Indian subsidiary of a multinational logistics company, according to the report.
The hackers allegedly used the ShadowPad malware, which continues to be employed by an ever-increasing number of People’s Liberation Army (PLA)-linked groups.
India's union power minister RK Singh on Thursday said that two attempts were made by Chinese hackers who aimed to target electricity distribution grid centres near Ladakh.
The attackers, however, remained unsuccessful, he added.
"Two attempts were made by Chinese hackers to target electricity distribution centres near Ladakh but were not successful. We have already strengthened our defence system to counter such cyber attacks," Singh told news agency ANI.
"The reports are about January-February and not recently. Those attempts were already reported to us and we had a meeting with concerned states in this regard. We have repeatedly reviewed the situation," Singh said, adding, "We have put our system to stop."
Recorded Future's Insikt Group reported on intrusion activity targeting operational assets within India's power grid in February 2021. This was attributed to a likely Chinese state-sponsored threat activity group by the cyber security firm.
Despite a partial troop disengagement between India and China from February 2021, the prolonged targeting of Indian critical infrastructure continues to raise concerns over pre-positioning activity being conducted by Chinese adversaries, the report said.
Given the continued targeting of state and regional load dispatch centres in India over the past 18 months, this targeting is likely a long-term strategic priority for select Chinese state-sponsored threat actors active within India, said Recorded Future.
"The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence-gathering opportunities. We believe this targeting is instead likely intended to enable information gathering surrounding critical infrastructure systems or is pre-positioning for future activity."
Recorded Future said it notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within affected organizations.