How a warning about ShadowPad, Red Echo saved the national power grid from being hacked
New Delhi, Mar 02: CERT-In, India's cyber security agency, had in November detected ShadowPad malware, one of the largest supply chain attacks. The agency alerted the national power grid operator and its regional units on November 19 about the malware and the attempts being made to hack the grid.
The National Critical Information Infrastructure Protection Centre had on February 12 warned about Red Echo, a Chinese state-sponsored threat actor group. The warning stated that the group was trying to break into the grid control systems. It was further learnt that the IPs seen in the Red Echo and ShadowPad instances matched, following which a list of those IPs and domains was sent out.
Following these alerts, additional safety protocols were activated and the IPs listed by the NCIIPC were blocked in the firewalls. All systems were further scanned and cleaned.
Thanks to these alerts and the protocols that were followed, the National Power Grid system was saved from being hacked.
On Monday a report said that a massive power outage in Mumbai last October may have been the handiwork of China. Beijing has, however, denied this.
The report says that a China-linked threat activity group, RedEcho, targeted the Indian power sector.
The links to the Mumbai outage provide additional evidence suggesting the coordinated targeting of Indian Load Dispatch Centres, the report further stated.
The flow of malware was pieced together by Recorded Future, a US-based company that studies the use of the internet by state actors. It found that most of the malware was never activated. Because Recorded Future could not get inside India's power systems, it could not examine the details of the code itself.
"From mid-2020, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India's power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure. Other targets identified include two Indian seaports," the report said.
The report also said that there was a clear and consistent pattern of Indian organisations being targeted in this campaign, observed through the behavioural profiling of network traffic to adversary infrastructure.