Govt clarifies: Chinese malware didn't hit Indian power grid
The power ministry said that action was taken after it received an email from CERT-In on November 19, 2020, on the threat of malware called Shadow Pad at some control centres of POSOCO.
The Union Power Ministry has refuted claims made by The New York Times, which cited a study by a private American company, that Beijing carried out cyberattacks on India's power grid system after Indian and Chinese troops were locked in a border standoff last year.
"There is no impact on any of the functionalities carried out by Power System Operation Corporation (POSOCO) due to the referred threat. No data breach or data loss has been detected due to these incidents," an official in the power ministry said.
The ministry analysed the reports and observed that "a system of monitoring and analysis of cyber activities is already in place at all Regional Load Despatch Centers and National Load Despatch Centre operated by POSOCO."
It also said that action was taken after it received an email from CERT-In on November 19, 2020, on the threat of malware called Shadow Pad at some control centres of POSOCO.
As per the power ministry, it has blocked all IPs and domains listed in the NCIIPC mail at the firewall at all control centres, and it is monitoring the firewall log for any connection attempt towards the listed IPs and domains.
All systems in control centres were scanned and cleaned by antivirus, it added.
Last year on October 12, there was a massive power outage that lasted for a few hours starting from 10 AM. The issue, however, was resolved by noon.
As per The NYT report, the malware tracing was done by Recorded Future, a cybersecurity company founded in 2009 with headquarters in Somerville, Massachusetts.
The company claimed that most of the malware was not activated, which may mean that a small proportion of malware caused the Mumbai power outage.
However, the report added that the cybersecurity company couldn't examine the code itself because restrictions meant it could not get inside India's power systems.
The report said that the cybersecurity company notified Indian authorities.