'No impact' on power grid operations due to malware attack: Centre
New Delhi, Mar 01: The Ministry of Power on Monday said there is no impact on operations of Power System Operation Corporation (POSOCO) due to any malware attack and that prompt actions are taken on advisories issued against such threats.
The ministry was responding to a study carried out by a private US company which suggested that a China-linked group targeted India''s power grid system through malware, a software designed to cause damage to a computer network.
This study raised suspicion whether last year's massive power outage in Mumbai was a result of the online intrusion.
However, the ministry did not mention about the Mumbai outage in its statement.
Responding on the findings of the study, the ministry said, "There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/ data loss has been detected due to these incidents."
The ministry further said, "Prompt actions are being taken by the CISOs (chief information security officers) at all these control centres under operation by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans etc."
The CERT-in (Indian Computer Emergency Response Team) is the nodal agency to deal with cyber security threats like hacking and phishing.
The NCIIPC (National Critical Information Infrastructure Protection Centre (NCIIPC) is national nodal agency for critical information infrastructure protection.
A Chinese government-linked group of hackers targeted India's critical power grid system through malware, Recorded Future, a Massachusetts-based company, said in its latest study.
Recorded Future, which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.
The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.
Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.
In response to the allegation, Chinese Foreign Ministry spokesman Wang Wenbin on Monday rejected the criticism about China's involvement in the hacking of India's power grid, saying it is "irresponsible and ill-intentioned" to make allegations without proof.
On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.
It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.
In its report, Recorded Future notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations.
The ministry explained in its statement, "The IPs mentioned in Red Echo related advisory are matching with those given in Shadow pad Incidents already informed by CERT-in in the month of November,2020. Observations from all RLDCs (regional load dispatch centres) & NLDC (national load dispatch centre) shows that there is no communication & data transfer taking place to the IPs mentioned."
All IPs and domains listed in NCIIPC mail have been blocked in the firewall at all control centres. Log of firewall is being monitored for any connection attempt towards the listed IPs and domains. Additionally, all systems in control centres were scanned and cleaned by antivirus, the ministry added.
Referring to a report from Insikt talks about the imminent threat from the Red Echo group based in China, the ministry said, "A system of monitoring and analysis of cyber activities is already in place at all RLDCs & NLDC, operated by POSOCO. Further, an email was received from CERT-In on 19th November, 2020 on the threat of malware called Shadow Pad at some control centres of POSOCO. Accordingly, action has been taken to address these threats."
Subsequently, it stated that NCIIPC informed through a mail dated 12th February, 2021 about the threat by Red Echo through a malware called Shadow Pad.
It had said: "Chinese state-sponsored threat actor group known as Red Echo is targeting Indian Power sector''s Regional Load Dispatch Centres (RLDCs) along with State Load Dispatch Centres (SLDCs). "
Some IP addresses and domain names were mentioned. The report of Insikt also refers the threat actors already informed by CERT-in & NCIIPC, the ministry explained.