India suspects China may be behind the big Mumbai blackout

It was the worst blackout in decades in India’s financial capital, stopping trains and causing hospitals to switch to diesel generators. The megacity has long boasted of being one of the few cities in India with uninterrupted electricity supply, even while most of the country has problems with regular blackouts.

State Interior Minister Anil Deshmukh said officials were investigating a possible connection between the shutdown and the rise of cyberattacks on the servers of state-owned power companies. He would not highlight China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers to servers of state-owned power companies.

“There were attempts to log in to our servers from foreign countries,” Deshmukh said. “We will investigate further.”

Another state official said 8GB of unaccounted data fell on the servers of power companies in China and four other countries between June and October. The officer cited thousands of attempts at blacklisting IP addresses to access servers.

State-sponsored hackers are increasingly targeting critical infrastructure, such as power grids, rather than specific institutions, said Amit Dubey, a cybersecurity expert at the Root64 Foundation, which conducts cybercrime research. .

“It all depends on power,” Dubey said. According to the electricity supply, it can “eliminate hundreds of plants or daily services such as trains.”

Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target other nations ’power grids. Russian hackers managed to turn off power in many parts of the Ukrainian capital a few years ago, he said, and have also attacked critical infrastructure in the United States in recent years.

India’s announcement came after U.S. cybersecurity firm Recorded Future released a report Sunday explaining the attacks by close to a China-linked group it identified as RedEcho. He cited an increase in attacks on India’s electricity infrastructure.

The report said the attacks could have been a reaction to the border tension jump between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, clubs and clubs wrapped in barbed wire.

In response to the Recorded Future report, which was previously reported by the New York Times, China said it does not support cyberattacks.

“It is very irresponsible to blame a particular party when there is not enough evidence,” Wang Wenbin, a spokesman for China’s foreign ministry, said in a briefing on Monday. “China strongly opposes such an irresponsible and malicious practice.

Recorded Future said it could not directly connect the attacks with the Mumbai shutdown because it does not have access to any hardware that could have been infected.

The Ministry of Power of India said it has addressed the threats mentioned in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean the software of its systems.

“There is no impact on any of the functionalities” of the government company that manages the national electricity grid, the ministry said.

Last June, the Maharashtra cyber department gathered information on possible Chinese cyber intrusions and large-scale fishing attacks in India with special attention to infrastructure, information and banking sectors. In June, at least 40,300 cyberattacks were attempted in a five-day period, most of which could be tracked as far as the Chengdu area of ​​China, a senior official said at the time.

Write to Eric Bellman to [email protected] and Rajesh Roy to [email protected]