India Suspects China May Be Behind Major Mumbai Blackout

Officials are investigating whether cyberattacks from China could have caused the power outage, an assertion that China rejects

People’s Liberation Army soldiers and tanks withdrew in February from the India-China border in Ladakh following talks to de-escalate tensions. PHOTO: INDIAN MINISTRY OF DEFENSE/AGENCE FRANCE-PRESSE/GETTY IMAGES

By

and

March 1, 2021 11:16 am ET

Listen to this article

4 minutes

This feature is powered by text-to-speech technology. Want to see it on more articles?
Give your feedback below or email audiofeedback@wsj.com.

NEW DELHI—Indian officials are investigating whether cyberattacks from China could have been behind a blackout in Mumbai last year.

State officials in Maharashtra, of which Mumbai is the capital, said Monday that an initial investigation by its cyber department found evidence that China could have been behind a power outage that left millions without power in October.

It was the worst blackout in decades in India’s financial capital, stopping  trains and prompting hospitals to switch to diesel powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted power supply even as most of the country struggles with regular blackouts.

Anil Deshmukh, home minister of the state, said officials were investigating a possible connection between the blackout and a surge in cyberattacks on the servers of the state power utilities. He wouldn’t single out China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers into the servers of state power companies.

“There were attempts to login to our servers from foreign land,” said Mr. Deshmukh. “We will investigate further.”

Another state official said 8GB of unaccounted for data slipped into power company servers from China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.

State-sponsored hackers increasingly target critical infrastructure such as power grids instead of specific institutions, said Amit Dubey, a cybersecurity expert at Root64 Foundation, which conducts cybercrime investigations.

“Anything and everything is dependent on power,” Mr. Dubey said. Targeting power supply, he said, can “take down hundreds of plants or day-to-day services like trains.”

A woman used her mobile phone to light her kitchen in Mumbai during a power outage in October that Indian officials believe may have been caused by China. PHOTO: NIHARIKA KULKARNI/REUTERS

Mr. Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target the power grids of other nations. Russian hackers succeeded in turning off the power in many parts of Ukraine’s capital a few years ago, he said, and have also attacked critical infrastructure in the U.S. in recent years.

India’s announcement came after U.S. cybersecurity firm Recorded Future on Sunday published a report outlining what it said were attacks from close to a China-linked group it identified as RedEcho. It cited a surge in attacks targeting India’s power infrastructure.

The report said the attacks could have been a reaction to the jump in border tension between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, batons and clubs wrapped in barbed wire.

In response to the Recorded Future report, which was earlier reported by the New York Times, China said it doesn’t support cyberattacks.

“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around,” Wang Wenbin, spokesman for China’s Ministry of Foreign Affairs said in a briefing Monday. “China is firmly opposed to such irresponsible and ill-intentioned practice.

Recorded Future said it couldn’t directly connect the attacks to the Mumbai blackout because it doesn’t have access to any hardware that might have been infected.

India’s Ministry of Power said it has dealt with the threats outlined in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its systems software.

“There is no impact on any of the functionalities” of the government company that manages the national power grid, the ministry said.

Last June, Maharashtra’s cyber department collated information regarding possible Chinese cyber intrusion and large-scale phishing attacks in India with focus on infrastructure, information and banking sectors. At least 40,300 such cyberattacks were attempted in a span of five days in June, most of which could be traced to Chengdu area of China, a senior official said at the time.

In the worst military clash between China and India in years, Indian authorities say 20 Indian soldiers died and several Chinese troops also suffered casualties. WSJ’s Eric Bellman explains why tensions along the border are intensifying. (Originally published June 17, 2020) Photo: Sanjeev Gupta/EPA/Shutterstock

Write to Eric Bellman at eric.bellman@wsj.com and Rajesh Roy at rajesh.roy@wsj.com