Cybersecurity researchers have reported that India’s power sector has been under attack by suspected Chinese state-sponsored hackers. Although the intentions aren’t clear yet, it is reported that they could be running a cyber-espionage campaign after hacking into at least seven State Load Dispatch Centers (SLDCs).
Chinese-sponsored hackers infected SLDC with malware
According to various reports, a threat actor from China hacked into at least seven SLDCs, all of which are located in Ladakh in Jammu and Kashmir. The region is often the talk of the nation as it has been disputed between India, China, and Pakistan ever since World War II ended.
The report further states that the threat group is known by the name ‘Threat Activity Group 38’. The actors used a trojan called ShadowPad, which is widely known for linking threat actors to the Ministry of State Security (China).
The hackers got hold of unattended internet-connected endpoints such as IP cameras by using default login credentials. They soon began using ShadowPad to get command and control (C2) privileges over the IP cameras and DVRs connected to the internet.
Reportedly, the group didn’t cause any damage to the SLDCs, and it is likely that the attack was carried out for cyber-espionage and to gather intelligence while staying off the radar for a long time. The attacks were also carried out to gather information on critical infrastructure in India.
Note that the group was able to carry out the attacks without being detected for a long time, until cybersecurity researchers uncovered the activity.
Zhao Lijian, the Chinese foreign spokesperson, made a statement that the Chinese government isn’t involved in such cyberattacks and firmly opposes such activities as well. This is despite frequent accusations of these attacks being sponsored by the Chinese government.