India suspects China may be behind the Mumbai blackout

NEW DELHI – Indian authorities are investigating whether Chinese cyber attacks may have caused a blackout in Mumbai last year.

State officials in Maharashtra, of which Mumbai is the capital, said on Monday that an initial investigation by its cyber department found evidence that China could be behind a power outage that left millions of people without power in October.

It was the worst blackout in decades in India’s financial capital, disrupting trains and prompting hospitals to switch to diesel-powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted energy supplies, even when most of the country struggles with regular blackouts.

Anil Deshmukh, the state’s interior minister, said officials are investigating a possible connection between the blackout and an outbreak of cyber attacks on servers at state power utilities. He did not single out China, but said that investigators found evidence of more than a dozen Trojan horse attacks, as well as suspicious data transfers to the servers of state-owned energy companies.

“There were attempts to log in to our foreign land servers,” said Mr. Deshmukh. “We will investigate in more detail.”

Another state official said 8 GB of unaccounted data was transferred to the servers of the energy company in China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.

State-sponsored hackers are increasingly targeting critical infrastructure, such as power networks, rather than specific institutions, said Amit Dubey, a cyber security expert at the Root64 Foundation, who conducts cybercrime investigations.

“It all depends on the power,” said Dubey. Targeting energy supplies, he said, could “bring down hundreds of factories or day-to-day services, such as trains.”

A woman used her cell phone to light her kitchen in Mumbai during a power outage in October that Indian officials believe may have been caused by China. (Photograph: Niharika Kulkarni / Reuters)

Dubey said that many countries like China, Russia and Iran are deploying state-sponsored hackers to attack other nations’ power grids. Russian hackers managed to turn off power in many parts of the capital of Ukraine a few years ago, he said, and have also attacked critical infrastructure in the United States in recent years.

India’s announcement came after American cybersecurity firm Recorded Future published a report on Sunday describing what it said were attacks by a group linked to China that it identified as RedEcho. The report cited a wave of attacks on India’s energy infrastructure.

The report says the attacks may have been a reaction to increased tension on the border between the two countries. During a military skirmish in June, India said that 20 Indian soldiers were killed and China said that four Chinese soldiers were killed when soldiers fought with stones, batons and clubs wrapped in barbed wire.

In response to the Recorded Future report, previously published by the New York Times, China said it does not support cyber attacks.

“It is highly irresponsible to accuse a specific party when there is insufficient evidence,” Wang Wenbin, a spokesman for the Chinese Foreign Ministry, said in an interview on Monday. “China is firmly opposed to this irresponsible and malicious practice.”

Recorded Future said it could not directly connect the attacks to the Mumbai blackout because it did not have access to any hardware that might be infected.

The Indian Ministry of Energy said it has dealt with the threats described in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its system software.

“There is no impact on any of the functionalities” of the state-owned company that manages the national electricity grid, the ministry said.

Last June, the Maharashtra cyber department collected information about a possible Chinese cyber intrusion and large-scale phishing attacks in India, focusing on the infrastructure, information and banking sectors. At least 40,300 of these cyber attacks were attempted over a five-day period in June, most of which could be traced back to the Chengdu area of China, a senior official said at the time.


Write to Eric Bellman at [email protected] and Rajesh Roy at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.
