Since last year, the Indian and Chinese governments have been fighting on several fronts: diplomatic, economic, and, with their military might, along the border. In May 2020, Indian and Chinese troops confronted each other with rocks and clubs in Galwan Valley, which resulted in the death of almost two dozen army men from both sides. The technological turf also saw some fierce fighting, and the Indian government blocked 267 Chinese apps on various occasions in 2020. Now that both sides have decided to retreat, a new study has shown that China-sponsored hacking caused the Mumbai blackout of last year.
Amid the ongoing heated tension, on October 13, Mumbai (often referred to as the commercial capital of India) faced a power outage (blackout) across the entire city. It was a very unusual event, and an alarming one as well. It left the whole city in darkness and ventilators without oxygen in the midst of a pandemic. Hospitals were reliant on generators to keep their equipment functioning. Mumbai Police suspected a cyber-attack behind the outage but did not give any further statement related to it.
A new study now shows that the two events, the confrontation between the troops and the blackout in Mumbai, could be related. In order to demonstrate its power, China is trying to tell the Indian Government that if it does not stop pressing its claims strongly, India may face more such power outages on a pan-India level.
Recorded Future, a company that studies the use of the Internet by state actors, found that most of the malware was never actually activated. Stuart Solomon, Recorded Future’s chief operating officer, told The New York Times that the Chinese state-sponsored group, Red Echo, “has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.” Recorded Future sent its findings and an early warning to the Computer Emergency Response Team (CERT-IN). CERT-IN acknowledged receipt of the warning but never responded to Recorded Future, similar to what happened in the case of the Sakura Samurai vulnerability disclosure.
National Critical Infrastructure
The Indian authorities are investigating the cyberattack, but their findings are yet to be made public. IT systems related to power and energy are considered Critical Information Infrastructure and Protected Systems under the Information Technology Act, 2000. Any person who secures access or attempts to secure access to a protected system without proper authorization can be punished with imprisonment of ten years and a fine under Section 70 of the IT Act. The Indian Government has also appointed the National Critical Information Infrastructure Protection Centre as the nodal agency under Section 70A. This agency is responsible for protecting critical information infrastructure against cyber warfare or cyber terrorism. Another agency, the Computer Emergency Response Team (CERT-IN), is responsible for incident response.
It is expected that CERT-IN will reveal its findings on the Mumbai outage and the Chinese government-sponsored cyberattack.
Update: Livemint has reported that the Government has confirmed that Chinese hackers did not penetrate grids.