Indian power grid reportedly hit by Chinese cyberattacks
China denies deploying ShadowPad trojan
Chinese state-sponsored threat actors have been running a long-term cyberattack campaign against India's power grid operators, cybersecurity researchers claim.
Experts from Insikt Group found that seven Indian State Load Dispatch Centers (SLDCs), which run the power grid in real time, had all been compromised with a trojan.
All of them are reportedly located in Ladakh, a region that India administers as a union territory and that has been disputed between China, Pakistan and India since the end of World War II.
Chinese denials
The trojan in use is ShadowPad, which the researchers say is frequently used by threat actors linked to China's Ministry of State Security. According to the researchers, the group behind the attack is tracked as Threat Activity Group 38. It gained a foothold on internet-facing endpoints such as IP cameras by using default login credentials that had most likely never been changed, and then repurposed those devices as infrastructure for the intrusion.
"The group likely compromised and co-opted internet-facing DVR/IP camera devices for command and control (C2) of ShadowPad malware infections, as well as use of the open source tool FastReverseProxy (FRP)," Insikt Group wrote in its report.
The attackers' intention was not to disrupt or destroy the infrastructure, at least not yet. Rather, they were interested in intelligence gathering and cyber-espionage. That focus, it seems, is one reason they were able to maintain their presence for so long without being detected.
China denied any involvement. Speaking to The Register, Chinese foreign ministry spokesperson Zhao Lijian said the country abides by the law and "firmly opposes" all forms of cyberattacks. One should be "all the more prudent when associating cyberattacks with the government of a certain country," he was quoted as saying.
Researchers from Insikt added that, besides grid assets, the attackers also compromised a national emergency response team and a subsidiary of a logistics company.
Via: The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.