Chinese hackers attacked India’s power grid in Ladakh


Cybersecurity researchers have reported that India’s energy sector has been attacked by suspected Chinese state-sponsored hackers. While the intentions are not yet clear, it is reported that they could be conducting a cyber-espionage campaign after hacking into at least seven State Load Dispatch Centers (SLDC).

China-sponsored hackers infect SLDC with malware

According to various reports, a threat actor from China hacked into at least seven SLDCs, all of which are located in Ladakh in Jammu and Kashmir. The region is frequently in the news, as it has been the subject of dispute between India, China and Pakistan since the end of World War II.

The report further states that the threat actor is known as ‘Threat Activity Group 38’. The actors used a trojan called ShadowPad, which is widely known for linking threat actors to the Ministry of State Security (China).


The hackers gained access to unattended internet-connected endpoints such as IP cameras by using default credentials. ShadowPad was then used to obtain command and control (C2) through the internet-connected IP cameras and DVRs.

As mentioned, the group did not cause any damage to the SLDC and it is likely that the attack was carried out for cyber-espionage and intelligence-gathering purposes while remaining off the radar for a long time. The attacks were also carried out to gather intelligence about critical infrastructure in India.

Note that the group was able to carry out the attacks undetected for a long time until cybersecurity researchers got a hold of it.

Zhao Lijian, China’s foreign spokesman, made a statement that the Chinese government is not involved in such cyberattacks and is also strongly against such activities. This is despite frequent allegations that these attacks are sponsored by the Chinese government.
