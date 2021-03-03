An alert by Computer Emergency Response Team of India has averted a hacking attempt of the power systems in Telangana’s TS Transco and TS Genco by a China-based group. TS Transco and TS Genco are power utilities of the state.

The hackers were reportedly trying to steal data and disrupt power supply. GENCO has blocked suspected IP addresses and changed the user credentials of officials operating remote sites and sophisticated power grids.

“China-based threat actor group command and control servers were trying to communicate with systems belonging to Telangana SLDC (State Load Dispatch Centre). We have directed the state power utilities to take all protection and safety measures,” said Telangana Transco and Genco chairman and managing director D Prabhakar Rao.

The cyber-attack attempt assumes significance as it comes at a time when a US newspaper reported recently that the 2020 power blackout in Mumbai was due to a China-based cyber-attack.

Computer networks of at least 12 Indian state-run organisations, primarily power utilities and load dispatch centres, have been targeted by Chinese state-sponsored groups since mid-2020 in an attempt to inject malware that could cause widespread disruptions, a new study has revealed.

According to the study by Recorded Future, a US-based company that monitors the use of the internet by state actors for cyber-campaigns, NTPC Limited, the country’s largest power conglomerate, five primary regional load dispatch centres that aid in the management of the national power grid by balancing electricity supply and demand, and two ports were among the organisations attacked.

The activity appears to have started well before the May 2020 clashes between Indian and Chinese troops that triggered the border standoff along the Line of Actual Control in eastern Ladakh, the report said. It further stated, there was a “steep rise” in the use of a particular software by Chinese organisations to target “a large swathe of India’s power sector” from the middle of last year.

Although the report did not mention any disruptions caused by the insertion of malware, it talked about a massive power outage in Mumbai on October 13, 2020 that was allegedly caused by the insertion of malware at a state load dispatch centre in Padgha. Maharashtra power minister Nitin Raut had said at the time that authorities suspected sabotage was the cause of the outage.

The two-hour power outage caused the closure of the stock exchange, while trains were cancelled and offices across Mumbai, Thane and Mavi Mumbai were shut down.