Power grid in Ladakh under cyber attack from China

According to threat intelligence firm, Recorded Future Inc., India’s power sector has been under a cyber attack by “suspected state-sponsored Chinese hackers”, reported The Indian Express.

The main target of the hackers, TAG-38, were “seven load dispatch centers in northern India” that carry out grid control, electricity dispersal operations near the India-China border in Ladakh, reported IE, while also compromising a national emergency response system.

The software used by TAG-38 was ShadowPad, which has been linked to China’s People’s Liberation Army and the Ministry of State Security. What strengthens the accusation against China is the fact that one out of the seven load dispatch centers, has been earlier attacked by RedEcho, another Chinese government hacker.

While the report by Recorded Future Inc. said that the attack “offers limited economic espionage or traditional intelligence gathering opportunities”, it also stated that this could be “pre-positioning for future activity”. IE quoted Jonathan Condra, a senior manager at the firm as saying, “The method the attackers used to make the intrusions — using compromised internet of things devices and cameras — was unusual.”