China has been targeting Indian utilities and infrastructure using cyber attacks to possibly coerce New Delhi on the border issue that the two countries have been involved in since June last year.
This comes even as India and China reaffirmed their commitment to ending the standoff in Ladakh late last month.
According to a report by the New York Times quoting a study by Recorded Future, a US internet security firm, Chinese malware “was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant” at the time of the Ladakh standoff. Recorded Future monitors state-sponsored cyber activity.
Recorded Future pointed out that a Chinese state-sponsored group, which it referred to as Red Echo, “has been seen to systematically utilize advanced cyberintrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure”.
The Recorded Future study raised questions about the massive power outage in Mumbai on October 12 last year that virtually crippled India’s financial capital, causing chaos at hospitals and leading to the stoppage of its arterial suburban train network.
The New York Times noted, “The discovery [of malware] raises the question about whether an outage that struck on Oct. 13 [sic] in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.”
Indian media reports after the Mumbai outage did refer to the possibility of Chinese cyber activity. Recorded Future claimed it had notified the Computer Emergency Response Team (CERT-In), India’s nodal cybersecurity body, about its findings. The New York Times reported CERT-In had acknowledged receipt of the information, but had given no response about possible code inserted by Chinese elements into the electricity grid.
The newspaper further reported, “Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.”
While Recorded Future noted that a link between the Mumbai outage and malware “remains unsubstantiated,” the study noted “additional evidence suggested the coordinated targeting of the Indian load dispatch centers,” which balance the electrical demands across regions of the country, according to The New York Times.
Lt. General D.S. Hooda, an Indian Army officer, interpreted the possibility of a Chinese cyber attack as “signalling” by Beijing.
“I think the signalling is being done (by China) that we can and we have the capability to do this in times of a crisis… It’s like sending a warning to India that this capability exists with us,” Hooda was quoted as saying by the newspaper.
As the Ladakh standoff began, Chinese hackers began concerted activity against India. “Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the incursions were so-called denial-of-service attacks that knocked these systems offline; others were phishing attacks, according to the police in the Indian state of Maharashtra, home to Mumbai,” the newspaper reported.
A new wave of attacks began with phishing emails to Indians in October and November. “Researchers tied the attacks to domains registered in China’s Guangdong and Henan Provinces, to an organization called Fang Xiao Qing. The aim… was to obtain a beachhead in Indians’ devices, possibly for future attacks,” The New York Times reported.