How Chinese hackers tried to shut down Indian electrical grids

Critical infrastructure in India has been targeted by a hacking group allegedly sponsored by Chinese cybercriminals. According to a report by the cybersecurity firm Recorded Future, this attack managed to impact the operations of the Indian energy sector, causing severe blackouts in several territories.

Investigators collected multiple pieces of evidence that Chinese hackers managed to target seven Indian state centers responsible for dispatching electric power, and that they also took control of a network located at a border point.

The hackers reportedly used the Trojan known as ShadowPad during the attack. This malware is believed to have been developed by cybercriminals paid by the Government of China, a common practice in state-sponsored hacking.

In its report, Recorded Future mentions that ShadowPad continues to be used by an increasing number of groups linked to the People’s Liberation Army and the Ministry of State Security, with its origins linked to Chinese government contractors.

Chinese Foreign Ministry spokesman Zhao Lijian said his government is aware of these reports, saying China has always spoken out against cyberattacks: “I would like to advise the company in question that if they are really concerned about global cybersecurity, they should pay more attention to cyberattacks by U.S. government hackers against the rest of the world.”

On the other hand, Indian Ministry of External Affairs spokesman Arindam Bagchi said his country has not discussed the issue with China: “We have seen reports. There is a mechanism in place to safeguard our critical infrastructure to keep it resilient. We have not raised this issue with the government of China.”

Features of this incident, such as the prolonged targeting of India’s power grid, lead researchers to believe that the main objective of this campaign was to collect information about the surrounding critical infrastructure systems, or to establish an access point to critical information for future hacking campaigns.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.