Between August and March, China launched a cyber attack on the power grid near Ladakh, according to a report
The Chinese hackers were attempting to obtain information on important infrastructure systems, according to the intelligence firm Recorded Future.
According to a report released on Wednesday by private intelligence firm Recorded Future, Chinese state-sponsored hackers targeted Indian electricity distribution centres near Ladakh over the last eight months, posing a new potential flashpoint following a protracted military standoff between the two countries in the region.
”In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh,” the group said.
According to sources, the attacks occurred between August and March of last year. According to them, the study discovered data flowing in and out of Indian Load Despatch Centres to Chinese state-sponsored command and control servers located all over the world.
“In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group,” Recorded Future said.
Before publishing the paper, the group says they informed the government of their findings. A request for comment from the government has yet to be answered.
The Chinese attackers were attempting to obtain information regarding important infrastructure systems, according to the intelligence business, which is one of the world’s largest and specialises in identifying risks from state-sponsored hackers.
”Given the continued targeting of State and Regional Load Despatch Centres in India over the past 18 months, first from RedEcho and now in this latest TAG-38 activity, this targeting is likely a long-term strategic priority for select Chinese state-sponsored threat actors active within India,” it said.
”The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence-gathering opportunities. We believe this targeting is instead likely intended to enable information gathering surrounding critical infrastructure systems or is pre-positioning for future activity,” it added.
”The objective for intrusions may include gaining an increased understanding into these complex systems in order to facilitate capability development for future use or gaining sufficient access across the system in preparation for future contingency operations,” Recorded Future said.
Around the world, high-profile cyber-attacks are on the rise. Last year, a ransomware attack on a major gas pipeline impacted millions of people on the east coast of the United States, while a significant part of Australia was on the verge of losing electricity after a crucial energy network was hit.
The company said it had reported the compromising of ten different Indian power sector organisations in February of last year, including four of the five Regional Load Despatch Centres (RLDC), two ports, a significant generator operator, and other operational assets.
”Recorded Future continues to track Chinese state-sponsored activity groups targeting a wide variety of sectors globally… However, the coordinated effort to target Indian power grid assets in recent years is notably distinct from our perspective and, given the continued heightened tension and border disputes between the two countries, we believe is a cause for concern,” it said.
India and China have long fought over their broad 3,500-kilometer border, and in 1962, they fought a brief border war in Arunachal Pradesh.
Tensions rose in 2020 after a deadly high-altitude conflict in Ladakh’s far-northern area, which saw troops fighting hand-to-hand in the contested Galwan Valley.
Multiple rounds of discussions have failed to de-escalate tensions since then, and both sides have bolstered the region with more military gear and hundreds of extra soldiers.
India declared last month that relations with China could not return to normal unless both countries’ forces moved back from each other, but Beijing struck a more conciliatory tone during their foreign ministers’ meeting in New Delhi.