RedEcho, ShadowPad — how Chinese hackers may have accessed critical Indian computer systems

© Provided by The Print

New Delhi: Speculation is rife over whether last October’s massive power outage in Mumbai was caused by hackers linked to China, after a New York Times report claimed there had been a cyber campaign targeting India amid the border standoff in Ladakh.

Maharashtra’s Energy Minister Nitin Raut Monday confirmed that the outage, which brought Mumbai to a near stop for several hours on 12 October, was a result of a cyberattack and called it “sabotage”. However, he did not elaborate on where the cyberattack originated.

The NYT report, dated 28 February, is based on a report by American cybersecurity firm Recorded Future, titled ‘China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions’. The study talked of a “campaign conducted by a China-linked threat activity group, RedEcho, targeting the Indian power sector”.

It identified 12 critical infrastructure entities in India that could have been targeted, including 10 power sector organisations and two maritime sector organisations.

Recorded Future had cited regional media in its report to say the power disruption was likely caused by malware found at an electricity despatch centre near Mumbai. Despatch centres manage and monitor the efficient transmission of electricity through the power grid.

But the firm added: “At this time, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated.”

The Union power ministry issued a report Monday, stating it had received an email from the Indian Computer Emergency Response Team (CERT-In) on 19 November 2020 about a malware threat, ShadowPad, “at some control centres of POSOCO (Power System Operation Corporation Limited)”.

The malware ShadowPad has been linked to China-backed hackers in the past.

The ministry said it had also received an email on 12 February 2021 from the National Critical Information Infrastructure Protection Centre (NCIIPC) that said, “Chinese state-sponsored threat Actor group known as Red Echo is targeting Indian Power sector’s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs).”

The ministry…