India discloses failed cyberattack near Ladakh carried out by Chinese hackers

April 13, 2022

India’s government recently disclosed that the cyberattack attempts of Chinese state-sponsored threat groups targeting Indian electricity distribution centres near Ladakh were unsuccessful.

Security researchers observed network intrusions over the past eight months that targeted about seven Indian State Load Despatch Centres (SLDCs), which carry out real-time operations for electricity dispatch and grid control within specific Indian states.

The experts also found that the cyberattack attempts were geographically concentrated: the identified SLDCs are located in North India, near the India-China border in Ladakh.

From August last year to March of this year, researchers observed data passing back and forth between the Indian Load Despatch Centres and the command-and-control (C2) servers of the Chinese-based threat actors, which are likely spread across different parts of the world.

Aside from the attack attempts against the Indian power grids, the analysts also discovered that the national emergency response system and the Indian subsidiary of a multinational logistics firm had been compromised by similar Chinese state-sponsored threat actors.

The Indian government had already been informed of the findings when the report was published.

India’s Power Minister confirmed that the cyberattack attempts against electricity distribution centres near Ladakh were unsuccessful and added that their defence system was immediately reinforced to counter the same attacks.

The analysts’ report also explained that the hackers behind the attack were likely attempting to collect information about critical infrastructure systems. The analysts also presumed that the threat operators were pursuing a long-term strategic priority within India through Chinese state-sponsored hackers.

The incident was also described as either a tactic for gathering information about critical infrastructure systems or a way of positioning for more extensive attack activity in the future. Information the attackers could collect might be kept for later use or used in preparation for pre-planned operations.
