On October 12, 2020, in India’s financial capital, Mumbai, local trains shut down and the stock market closed as the power went out. Hospitals that were fighting the deadly coronavirus had to switch to emergency generators, and practically the whole city went into a blackout. Today, a report by the New York Times alleged that the Chinese state-sponsored group ‘Red Echo’ was behind the cyber-attack that led to the Mumbai power outage in October 2020, amid tension on the India-China border.
The NYT report was based on claims by the American cyber-security firm Recorded Future.
Now, the Indian power ministry has come out with an official statement on the NYT story about a Chinese cyber-attack leading to the Mumbai outage. The statement says, “There is no impact on any of the functionalities carried out by POSOCO due to the referred threat”.
India’s Power Ministry’s full statement is as follows:
A report from Insikt talks about the imminent threat from the Red Echo group based in China. The report has been analysed and observations are as under:
A system of monitoring and analysis of Cyber activities is already in place at all RLDCs & NLDC, operated by POSOCO. Further, an email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action has been taken to address these threats. Subsequently, NCIIPC informed through a mail dated 12th February, 2021 about the threat by Red Echo through a malware called Shadow Pad. It stated that:
“Chinese state-sponsored threat actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs).”
Some IP addresses and domain names were mentioned. The report of Insikt also refers to the threat actors already informed by CERT-In & NCIIPC.
- All IPs and domains listed in NCIIPC mail have been blocked in the firewall at all control centres.
- Log of firewall is being monitored for any connection attempt towards the listed IPs and domains.
- Additionally, all systems in control centres were scanned and cleaned by antivirus.
- The IPs mentioned in the Red Echo related advisory are matching with those given in the Shadow Pad incidents already informed by CERT-In in the month of November, 2020.
- Observations from all RLDCs & NLDC show that there is no communication & data transfer taking place to the IPs mentioned.
There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/ data loss has been detected due to these incidents.
Prompt actions are being taken by the CISOs at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc.
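The statement describes two of the controls in the list above in general terms: the listed IPs and domains are blocked at the firewall, and the firewall log is monitored for any connection attempt toward them. The script below is an added example of what that monitoring check looks like in practice; it is not part of the ministry statement and not POSOCO's or any agency's tooling. The log format, the indicator list and every address in it are constructed for illustration (RFC 5737 documentation ranges and a `.example` domain stand in for the advisory's actual indicators, which are not reproduced here). It flags both direct connections to a blocked IP or network and DNS lookups of a blocked domain, and counts hits per internal source host so the noisiest host can be triaged first.

```python
"""Scan firewall log lines for connection attempts toward blocked indicators.

Added example, not part of the ministry statement. The log format, the
indicator list and the addresses are constructed for illustration; the
real NCIIPC / CERT-In indicators are not reproduced here.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed indicator list: documentation-range addresses (RFC 5737) and
# an .example domain stand in for the IPs/domains listed in the advisory.
# A single address and a whole /24 are both accepted as entries.
BLOCKED_IPS = {"192.0.2.10", "198.51.100.0/24"}
BLOCKED_DOMAINS = {"update.placeholder-c2.example"}

# Constructed log lines in a simple "<timestamp> key=value ..." export format.
# DNS queries carry a qname field; other connections do not.
SAMPLE_LOG = """\
2021-02-13T10:01:02Z action=DENY src=10.20.1.15 dst=192.0.2.10 dport=443 proto=tcp
2021-02-13T10:01:05Z action=ALLOW src=10.20.1.15 dst=203.0.113.8 dport=443 proto=tcp
2021-02-13T10:02:11Z action=DENY src=10.20.3.7 dst=198.51.100.77 dport=8080 proto=tcp
2021-02-13T10:02:40Z action=DENY src=10.20.1.15 dst=192.0.2.10 dport=443 proto=tcp
2021-02-13T10:03:00Z action=ALLOW src=10.20.5.2 dst=10.20.0.1 dport=53 proto=udp qname=update.placeholder-c2.example
2021-02-13T10:03:01Z action=ALLOW src=10.20.5.2 dst=10.20.0.1 dport=53 proto=udp qname=ntp.example
"""

_KV_RE = re.compile(r"(\w+)=(\S+)")

# Pre-parse the IP entries once; (original entry, network object) pairs so a
# hit can be reported against the entry exactly as it appears in the list.
_BLOCKED_NETS = [(e, ipaddress.ip_network(e, strict=False)) for e in sorted(BLOCKED_IPS)]


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src: str        # internal host that made the attempt
    indicator: str  # the blocklist entry that matched
    observed: str   # the value actually seen in the log line
    kind: str       # "ip" or "domain"


def parse_line(line):
    """Split one log line into a dict of key=value fields plus its timestamp."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return None
    fields = dict(_KV_RE.findall(parts[1]))
    fields["timestamp"] = parts[0]
    return fields


def match_ip(value):
    """Return the blocklist entry (address or network) covering `value`, else None."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None
    for entry, net in _BLOCKED_NETS:
        if addr in net:
            return entry
    return None


def match_domain(value):
    """Return the blocked domain that `value` equals or is a subdomain of, else None."""
    value = value.lower().rstrip(".")
    for dom in BLOCKED_DOMAINS:
        if value == dom or value.endswith("." + dom):
            return dom
    return None


def find_blocked_attempts(log_text):
    """Return a Hit for every log line whose destination or DNS name is blocked."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        src = rec.get("src", "?")
        ind = match_ip(rec.get("dst", ""))
        if ind:
            hits.append(Hit(rec["timestamp"], src, ind, rec["dst"], "ip"))
        qname = rec.get("qname")
        if qname:
            ind = match_domain(qname)
            if ind:
                hits.append(Hit(rec["timestamp"], src, ind, qname, "domain"))
    return hits


def hosts_by_attempts(hits):
    """Count hits per internal source host; repeated attempts point at a host to inspect."""
    return Counter(h.src for h in hits)


if __name__ == "__main__":
    found = find_blocked_attempts(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} {h.src} -> {h.observed} matched {h.kind} indicator {h.indicator}")
    print(hosts_by_attempts(found))
```

A DENY line toward a listed address is the expected signal once the block is in place: the firewall did its job, but the host behind `src` still tried, which is what the statement's "no communication & data transfer taking place" observation is checking for. Matching DNS query names as well as destination addresses matters because a blocked domain may resolve to an address that is not on the list.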
Breaking: Official statement by India’s power ministry on NYT China cyber attack leading to Mumbai outage story. Says, ”There is no impact on any of the functionalities carried out by POSOCO due to the referred threat” pic.twitter.com/GkXHARds4k
— Sidhant Sibal (@sidhant) March 1, 2021