China has been accused of conducting a long-term cyber attack on India’s power grid, and has been implicated in cyber attacks against targets in Ukraine.
Insikt Group found network intrusions at seven Indian State Load Dispatch Centers (SLDCs) that conduct real-time operations for grid control and electricity dispatch. All seven SLDCs were located near the disputed India-China border in Ladakh.
This operation used a trojan called ShadowPad and also impacted a national emergency response team and the Indian subsidiary of a logistics company.
The attackers, sometimes identified as Threat Activity Group 38 (TAG-38), are believed to have infiltrated the system via third-party devices like IP cameras that may have been left vulnerable when their default credentials were kept in place.
The intrusion appears to be prolonged and is most likely a mission to gather information about critical infrastructure rather than one seeking immediate-term benefit.
Beijing, predictably, denied involvement and firmly opposed all forms of cyber attacks.