Indian power grid reportedly hit by Chinese cyberattacks

By Sead Fadilpašić
last updated

China denies deploying ShadowPad trojan

Zero-day attack
(Image credit: Shutterstock.com)

Chinese state-sponsored threat actors are engaged in a long-term cyberattack against India’s powerline operators, cybersecurity researchers are claiming.

Experts from Insikt Group discovered that seven Indian State Load Dispatch Centers (SLDC), that maintain the power grid in real-time, have all been compromised with a trojan.

All of them are apparently located in Ladakh, a region administered by India as a union territory, having been disputed between China, Pakistan, and India since the end of World War II.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Chinese denials

The trojan in use is called ShadowPad, and allegedly, it’s often used by threat actors with links to China’s Ministry of State Security. According to the researchers, the group behind the attack is known as Threat Activity Group 38. They managed to compromise internet-connected endpoints (opens in new tab) such as IP cameras, thanks to default login credentials which were most likely left unattended.

"The group likely compromised and co-opted internet-facing DVR/IP camera devices for command and control (C2) of ShadowPad malware infections, as well as use of the open source tool FastReverseProxy (FRP)," opined Insikt Group in its report.

The attackers’ intention wasn’t to destroy the infrastructure, at least not yet. Rather, they were more interested in intelligence gathering and cyber-espionage. That’s one of the reasons, it seems, why they were able to maintain their presence without being seen for so long.

Read more

> NCSC gives more advice for those using VPNs hit by Chinese cybercriminals (opens in new tab)

> Cyber-attackers will 'seek to disrupt' Olympics, says minister (opens in new tab)

> The pandemic is a racecourse for many a Trojan horse (opens in new tab)

The Chinese denied any involvement. Speaking to The Register, Chinese foreign spokesperson Zhao Lijian said the country keeps to the letter of the law and “firmly opposes” all forms of cyberattacks. One should be "all the more prudent when associating cyberattacks with the government of a certain country," he was cited saying.

Researchers from Insikt added that besides grid assets, the attackers impacted a national emergency response team, as well as a subsidiary of a logistics company.

Via: The Register (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news