China has been accused of conducting a long-term cyber attack on India's power grid, and has been implicated in cyber attacks against targets in Ukraine.
Cybersecurity firm Insikt Group found network intrusions at seven Indian State Load Dispatch Centers (SLDCs) that conduct real-time operations for grid control and electricity dispatch, according to a report released Wednesday. All seven SLDCs were located near the disputed India-China border in Ladakh.
Although one of the SLDCs had been previously targeted – in a 2020 incident that Insikt Group named RedEcho and credited to Beijing – the newly identified intrusions target an almost entirely different set of victims.

Insikt stated that in addition to attacking grid assets, the operation impacted a national emergency response team and the Indian subsidiary of a logistics company.

The operation used a trojan called ShadowPad, thought to have links to contractors serving China's Ministry of State Security (MSS).

The attackers, sometimes identified as Threat Activity Group 38 (TAG-38), are believed to have infiltrated the system via third-party devices like IP cameras that may have been left vulnerable when their default credentials were kept in place.
"The group likely compromised and co-opted internet-facing DVR/IP camera devices for command and control (C2) of ShadowPad malware infections, as well as use of the open source tool FastReverseProxy (FRP)," opined Insikt Group in its report.
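One defensive takeaway from the report's C2 finding is that DVR and IP camera devices have a very small, predictable set of hosts they should ever talk to, so any new outbound destination from such a device is a cheap, high-value detection. The script below is an added example, not code from the Insikt Group report or any affected operator: it takes a constructed asset inventory and a few constructed firewall flow records (all addresses are RFC 5737 documentation ranges), and flags camera/DVR devices whose egress goes to hosts outside their expected peer set, with repeated contacts to the same host surfaced separately since a co-opted relay tends to show up as sustained, regular traffic rather than a one-off.

```python
"""Flag internet-facing DVR/IP camera devices talking to unexpected hosts.

Added example (not from the report). Given an asset inventory and firewall
flow records, report camera/DVR devices whose outbound connections leave
their expected peer set. Such devices normally speak only to an NVR, NTP
and a vendor cloud endpoint; anything else deserves an analyst's look.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory: device IP -> (device type, expected external peers).
INVENTORY = {
    "10.20.0.11": {"type": "ip-camera", "peers": {"203.0.113.10"}},  # vendor cloud
    "10.20.0.12": {"type": "dvr", "peers": {"203.0.113.10"}},
    "10.20.0.50": {"type": "workstation", "peers": set()},
}

# Internal ranges: flows that stay inside these are not counted as egress.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed flow records in a simple firewall-export style:
# "src dst dport proto bytes".
FLOWS = [
    "10.20.0.11 203.0.113.10 443 tcp 5120",   # expected vendor cloud contact
    "10.20.0.11 198.51.100.77 7000 tcp 812",  # unexpected host, repeated below
    "10.20.0.11 198.51.100.77 7000 tcp 804",
    "10.20.0.11 198.51.100.77 7000 tcp 799",
    "10.20.0.12 10.20.0.2 554 tcp 90000",     # RTSP to an internal NVR: fine
    "10.20.0.12 192.0.2.9 443 tcp 1200",      # single unexpected contact
    "10.20.0.50 198.51.100.77 443 tcp 3000",  # workstation: out of scope here
]


def parse_flow(line):
    """Split one constructed flow record into its fields."""
    src, dst, dport, proto, nbytes = line.split()
    return {"src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "bytes": int(nbytes)}


def is_internal(ip):
    """True if the address falls inside one of the INTERNAL ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def find_suspicious_egress(flows, inventory):
    """Return {device_ip: {external_dst: flow_count}} for cameras/DVRs whose
    outbound flows reach hosts that are neither internal nor expected peers."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in flows:
        f = parse_flow(line)
        asset = inventory.get(f["src"])
        # Only embedded devices are in scope for this rule.
        if not asset or asset["type"] not in ("ip-camera", "dvr"):
            continue
        if is_internal(f["dst"]) or f["dst"] in asset["peers"]:
            continue
        hits[f["src"]][f["dst"]] += 1
    return {dev: dict(dsts) for dev, dsts in hits.items()}


def beaconing_candidates(report, threshold=3):
    """Device/destination pairs seen at least `threshold` times, sorted so the
    output is stable; repeated contact is the stronger relay indicator."""
    out = []
    for dev, dsts in report.items():
        for dst, n in dsts.items():
            if n >= threshold:
                out.append((dev, dst, n))
    return sorted(out)


if __name__ == "__main__":
    report = find_suspicious_egress(FLOWS, INVENTORY)
    for dev, dsts in report.items():
        print(f"{dev} ({INVENTORY[dev]['type']}): unexpected egress to {dsts}")
    for dev, dst, n in beaconing_candidates(report):
        print(f"repeated contact {dev} -> {dst} x{n}")
```

On real data the inventory would come from the operator's asset register and the flows from the perimeter firewall or a NetFlow collector; the rule deliberately ignores workstations, which have legitimately broad egress, and keys on the fact that an embedded device with a fixed job has no business opening new external connections. Pairing this with a check that every inventoried camera or DVR has had its factory credentials changed closes the entry path the report describes.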