The New York Times recently reported that the China-linked threat activity group RedEcho launched a cyber attack on the Indian power sector in October last year amid an India-China standoff.
On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic, and hitting the stuttering economic activity hard.
It has been suspected that a China-backed hacker group 'Red Echo' was behind the incident.
According to reports, India's power ministry released an official statement on Monday in response to the New York Times story 'China cyber-attack leading to the Mumbai outage'.
The statement claims, "There is no impact on any of the functionalities carried out by POSOCO due to the referred threat."
It further reads, "A system of monitoring and analysis of Cyber activities is already in place at all RLDCs & NLDC, operated by POSOCO. Further, an email was received from CERT-In on 19th November 2020 on the threat of malware called ShadowPad at some control centers of POSOCO. Accordingly, action has been taken to address these threats."
All IPs and domains listed in the NCIIPC mail have been blocked in the firewall at all control centres. The firewall log is being monitored for any connection attempt towards the listed IPs and domains. Additionally, all systems in control centers were scanned and cleaned by antivirus.
Observations laid down in the statement: The IPs mentioned in the Red Echo-related advisory match those given in the ShadowPad incidents already reported by CERT-In in November 2020. Observations from all RLDCs & NLDC show that there is no communication or data transfer taking place to the IPs mentioned.
The statement further claims that there was no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss had been detected due to these incidents.
The statement concludes: "Prompt actions are being taken by the CISOs at all these control centers under operation by POSOCO for any incident/advisory received from various agencies like CERT-In, NCIIPC, CERT-Trans, etc."