The Chinese hackers were attempting to gather information about critical infrastructure systems, according to the intelligence firm Recorded Future.
According to a report released on Wednesday by private intelligence firm Recorded Future, Chinese state-sponsored hackers targeted Indian electricity distribution centres near Ladakh over the last eight months, posing a new potential flashpoint following a protracted military standoff between the two countries in the region.
“In recent months, we’ve seen possible network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs), which are responsible for real-time grid control and electricity dispatch within their respective states. This targeting has been geographically concentrated, with the identified SLDCs located in North India, close to the disputed India-China border in Ladakh,” according to the group.
According to sources, the attacks occurred between August and March of last year. According to them, the investigation discovered data flowing in and out of Indian Load Despatch Centres to Chinese state-sponsored command and control servers located all over the world.
“We identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group, in addition to the targeting of power grid assets,” Recorded Future said.
Before publishing the report, the group said they informed the government of their findings. A request for comment from the government has yet to be answered.
The Chinese attackers were attempting to gather information surrounding critical infrastructure systems, according to the intelligence firm, which is one of the world’s largest and specialises in identifying threats from state-sponsored hackers.
“Given the continued targeting of State and Regional Load Despatch Centres in India over the last 18 months, first from RedEcho and now in this latest TAG-38 activity, this targeting is likely a long-term strategic priority for select Chinese state-sponsored threat actors active within India,” the report said.
“The long-term targeting of Indian power grid assets by Chinese state-linked groups presents limited opportunities for economic espionage or traditional intelligence gathering. We believe this targeting is more likely to be used to gather information about critical infrastructure systems or to set the stage for future activity,” it continued.
“The goal of intrusions could be to gain a better understanding of these complex systems in order to facilitate capability development for future use or to gain enough access across the system in preparation for future contingency operations,” according to Recorded Future.
Around the world, high-profile cyber-attacks are on the rise. Last year, a ransomware attack on a major gas pipeline impacted millions of people on the east coast of the United States, while a large swath of Australia was on the verge of losing power after a key energy network was hit.
The group said it had reported the compromise of ten different Indian power sector organisations in February of last year, including four of the five Regional Load Despatch Centres (RLDC), two ports, a large generation operator, and other operational assets.
“Recorded Future continues to track Chinese state-sponsored activity groups targeting a wide variety of sectors around the world… However, the coordinated effort to target Indian power grid assets in recent years is notably different from our perspective and, given the continued heightened tensions and border disputes between the two countries, we believe is a cause for concern,” it said.
India and China have long fought over their vast 3,500-kilometer border, and in 1962, they fought a brief border war in Arunachal Pradesh.
Tensions rose in 2020 after a deadly high-altitude skirmish in Ladakh’s far-northern region, which saw troops fighting hand-to-hand in the contested Galwan Valley.
Multiple rounds of talks have failed to de-escalate tensions since then, and both sides have bolstered the region with more military hardware and thousands of extra soldiers.
India said last month that relations with China could not return to normal until both countries’ troops pulled back from each other, but Beijing struck a more conciliatory tone during their foreign ministers’ meeting in New Delhi.