Officials are investigating whether cyberattacks from China could have caused the power outage, an assertion that China rejects
Give your feedback below or email firstname.lastname@example.org.
NEW DELHI—Indian officials are investigating whether cyberattacks from China could have been behind a blackout in Mumbai last year.
State officials in Maharashtra, of which Mumbai is the capital, said Monday that an initial investigation by its cyber department found evidence that China could have been behind a power outage that left millions without power in October.
It was the worst blackout in decades in India’s financial capital, stopping trains and prompting hospitals to switch to diesel powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted power supply even as most of the country struggles with regular blackouts.
Anil Deshmukh, home minister of the state, said officials were investigating a possible connection between the blackout and a surge in cyberattacks on the servers of the state power utilities. He wouldn’t single out China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers into the servers of state power companies.
“There were attempts to login to our servers from foreign land,” said Mr. Deshmukh. “We will investigate further.”
Another state official said 8GB of unaccounted for data slipped into power company servers from China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.
State-sponsored hackers increasingly target critical infrastructure such as power grids instead of specific institutions, said Amit Dubey, a cybersecurity expert at Root64 Foundation, which conducts cybercrime investigations.
“Anything and everything is dependent on power,” Mr. Dubey said. Targeting power supply, he said, can “take down hundreds of plants or day-to-day services like trains.”
Mr. Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target the power grids of other nations. Russian hackers succeeded in turning off the power in many parts of Ukraine’s capital a few years ago, he said, and have also attacked critical infrastructure in the U.S. in recent years.
India’s announcement came after U.S. cybersecurity firm Recorded Future on Sunday published a report outlining what it said were attacks from close to a China-linked group it identified as RedEcho. It cited a surge in attacks targeting India’s power infrastructure.
The report said the attacks could have been a reaction to the jump in border tension between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, batons and clubs wrapped in barbed wire.
In response to the Recorded Future report, which was earlier reported by the New York Times, China said it doesn’t support cyberattacks.
“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around,” Wang Wenbin, spokesman for China’s Ministry of Foreign Affairs said in a briefing Monday. “China is firmly opposed to such irresponsible and ill-intentioned practice.
Recorded Future said it couldn’t directly connect the attacks to the Mumbai blackout because it doesn’t have access to any hardware that might have been infected.
India’s Ministry of Power said it has dealt with the threats outlined in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its systems software.
“There is no impact on any of the functionalities” of the government company that manages the national power grid, the ministry said.
Last June, Maharashtra’s cyber department collated information regarding possible Chinese cyber intrusion and large-scale phishing attacks in India with focus on infrastructure, information and banking sectors. At least 40,300 such cyberattacks were attempted in a span of five days in June, most of which could be traced to Chengdu area of China, a senior official said at the time.