Chinese government-linked attackers possibly gained access to computer networks that are part of India’s power infrastructure, a US-based cybersecurity firm has said, citing technical clues that federal power ministry officials separately said had been on their radar. The disclosure fuelled speculation that a blackout in Mumbai last year may have been the result of sabotage.
In findings first reported by the New York Times on Monday, security consultancy Recorded Future said the attackers (which it calls RedEcho) targeted at least “10 distinct power sector organisations” with malware known as ShadowPad.
Hours after the disclosure, the Union power ministry said it had received inputs from Indian agencies — first in November and then again in February this year — about the threat of infection from ShadowPad, prompting remedial measures to be taken.
“The IPs mentioned in RedEcho related advisory are matching with those given in ShadowPad Incidents already informed by CERT-IN in the month of November, 2020,” said a statement by the Union power ministry, which added that “there is no impact on any of the functionalities carried out by POSOCO (Power System Operation Corporation Limited) due to the referred threat.”
“No data breach/ data loss has been detected due to these incidents.”
The statement appeared to suggest that the attacks were not behind the October 12, 2020 power outage in Mumbai t