India’s power sector has been targeted in recent months by suspected state-sponsored Chinese hackers as part of an evident cyber-espionage campaign, according to a report by the threat intelligence firm Recorded Future Inc. published on Wednesday.
The hackers targeted at least seven State Load Despatch Centres (SLDCs) in northern India, located near the disputed India-China border in Ladakh, which carry out real-time operations for grid control and electricity dispatch in their respective areas, the report notes.
One of the SLDCs was also targeted earlier by another hacking group, RedEcho, which Recorded Future said shares “strong overlaps” with a hacking group that the US has linked to the Chinese government.
“The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence-gathering opportunities,” the report states.
“We believe this is instead likely intended to enable information-gathering surrounding critical infrastructure and/or pre-positioning for future activity,” it adds.
The hackers also compromised an Indian national emergency response system as well as a subsidiary of a multinational logistics firm, the report states.
The hacking group, named TAG-38, has used ShadowPad, a type of malicious software that steals data from a victim’s computer and automatically communicates with servers controlled by the hackers.
The malware was earlier associated with China’s People’s Liberation Army (PLA) and the Ministry of State Security, as per Recorded Future.
China has consistently denied involvement in malicious cyber activity despite several accusations that it sponsors criminal contract hackers.
(With inputs from Ankit Kumar.)