
The World At War: China Warns India; Push Too Hard and the Lights Could Go Out

As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.

Chinese state hackers seeded India’s power grid with cyber malware as the rivals last year skirmished over a disputed border in the Himalayas, a report has found.

China’s Hackers Target India’s Power Supply, Massive Mumbai Blackout Was a Warning Shot

Computer networks of at least 12 Indian state-run organisations, primarily power utilities and load dispatch centres, have been targeted by Chinese state-sponsored groups since mid-2020 in an attempt to inject malware that could cause widespread disruptions, a new study has revealed.

According to the study by Recorded Future, a US-based company that monitors the use of the internet by state actors for cyber-campaigns, NTPC Limited, the country’s largest power conglomerate, five primary regional load dispatch centres that aid in the management of the national power grid by balancing electricity supply and demand, and two ports were among the organisations attacked.

As per the Indian National Critical Information Infrastructure Protection Centre’s (NCIIPC) definition, all 12 organisations are critical infrastructure.

The activity appears to have started well before the May 2020 clashes between Indian and Chinese troops that triggered the border standoff along the Line of Actual Control in eastern Ladakh, the report said. It further stated that there was a “steep rise” in the use of a particular piece of software by Chinese groups to target “a large swathe of India’s power sector” from the middle of last year.

Some of the Chinese groups are known to have links to the Ministry of State Security (MSS), or China’s main intelligence and security agency, and the People’s Liberation Army (PLA). The report further alleged that apart from the power sector, numerous government and defence organisations were also on the radar.

“In the lead-up to the May 2020 skirmishes, we observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organizations. The PlugX activity included the targeting of multiple Indian government, public sector, and defense organizations from at least May 2020,” the report said.

The border standoff in Eastern Ladakh between the Indian and Chinese armies erupted on May 5 last year following a violent clash in the Pangong Lake area and both sides gradually enhanced their deployment by rushing in tens of thousands of soldiers as well as heavy weaponry. Earlier this month, the armies of the two countries concluded the withdrawal of troops and weapons from the north and south banks of Pangong Tso in the high-altitude region.

Although the report did not mention any disruptions caused by the insertion of malware, it talked about a massive power outage in Mumbai on October 13, 2020 that was allegedly caused by the insertion of malware at a state load dispatch centre in Padgha. Maharashtra power minister Nitin Raut had said at the time that authorities suspected sabotage was the cause of the outage.

The two-hour power outage caused the closure of the stock exchange, while trains were cancelled and offices across Mumbai, Thane and Navi Mumbai were shut down.

However, the investigators of the Recorded Future study said that the alleged link between the outage and the discovery of the unspecified malware in the system “remains unsubstantiated” but “additional evidence suggested the coordinated targeting of the Indian load dispatch centers”.

Recorded Future said in its report, “At this time, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated. However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Load Dispatch Centres.”

Red Echo, the Chinese group behind the intrusion, was described by Recorded Future as having clear overlaps – in terms of both the tooling it uses and the victims it targets – with other groups, including APT41/Barium and Tonto Team, which have been active in similar cyber-campaigns.

The 12 organisations that fell victim to the cyber attack by Red Echo included Power System Operation Corporation Limited, NTPC Limited, NTPC’s Kudgi power plant, Western Regional Load Dispatch Centre, Southern Regional Load Dispatch Centre, North Eastern Regional Load Dispatch Centre, Eastern Regional Load Dispatch Centre, Telangana State Load Dispatch Centre, Delhi State Load Dispatch Centre, the DTL Tikri Kalan (Mundka) sub-station of Delhi Transco Ltd, VO Chidambaranar Port and Mumbai Port Trust.

According to the report, the intrusions relied on a modular backdoor tool, ShadowPad, which China-linked groups have used to launch their intrusion campaigns since 2017. “We assess that the sharing of ShadowPad is prevalent across groups affiliated with both Chinese Ministry of State Security (MSS) and groups affiliated with the People’s Liberation Army (PLA), and is likely linked to the presence of a centralized ShadowPad developer or quartermaster responsible for maintaining and updating the tool,” the report stated.

Red Echo “has been seen to systematically utilize advanced cyberintrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure,” The New York Times quoted Recorded Future’s chief operating officer Stuart Solomon as saying.


Sue Rarick
March 7, 2021

The problem with any threat is that it first and foremost has to be credible. The Chinese army has yet to prove it can beat anyone. Last winter in cold weather maneuvers less than 1/2 their equipment worked. Start a serious war in the Himalayan border area and India has Russian helicopters that can be used for the wounded and resupply – more than likely China will be back to pack mules for supplies and let the wounded die. Basically China is a paper tiger. If they interrupt too much of the India power grid I could very easily see…

Reply to  Sue Rarick
March 8, 2021

India is also a paper tiger, more so than China. India’s army is rife with corruption and caste discrimination, and is more likely to fold. India is also a tropical army, better suited to its own theatre of operations in warmer weather. Being an ex-military man, I’d put my money on China.

J Garbo
Reply to  Sue Rarick
March 8, 2021

Stay in Malibu, Wherever, work on your suntan and leave the thinking to others.
