Chinese hackers target India's grid near Ladakh to collect intelligence
Chinese state-sponsored hackers are suspected to have targeted India's power sector in recent months in an apparent cyber-espionage campaign, according to a report by threat intelligence firm Recorded Future Inc. At least seven "load dispatch" centers in northern India that carry out real-time grid control and electricity dispersal operations in areas close to the disputed India-China border in Ladakh were targeted, the report claimed.
- The findings come at a time when hostility between India and China has been growing due to differences over the borders between the two countries in Ladakh and Arunachal Pradesh.
- While Beijing has often been accused of such malicious cyber activities, it has consistently denied its involvement.
- Chinese authorities have not yet responded to queries sent by Bloomberg about this latest development either.
According to the Recorded Future report, an Indian national emergency response system, as well as a subsidiary of a multinational logistics company, were also compromised by the hackers. However, the identities of the victims of the attacks were not revealed in the report.
The report also said that the hacking group, TAG-38, used malicious software called ShadowPad to target the power sector. ShadowPad was previously associated with China's People's Liberation Army and the Ministry of State Security, Recorded Future's report claimed. Furthermore, one of the load dispatch centers was previously the target of another hacking group, RedEcho, that shares "strong overlaps" with a hacking group linked to the Chinese government.
The report noted that the purpose of the hackers was not economic espionage or traditional intelligence gathering. "The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence gathering opportunities," the report said. It contended that the hacking was instead intended to "enable information gathering surrounding critical infrastructure and/or pre-positioning for future activity."
According to the report, the method the hackers used to attack the power sector was quite unusual. It said the attackers carried out the intrusions using compromised internet of things devices and cameras. The report added that the devices used to launch these intrusions were based in South Korea and Taiwan.