Cyber attacks against critical infrastructure in India

Guest post from the ICS cyber security blog:
Cyber attacks against India’s critical infrastructure

March 04, 2021 – icscybersec

I’ve previously written about the cyber attack on the Kudankulam Nuclear Power Plant (KKNPP) in India, but in the early hours of March 1, the threat intelligence provider Recorded Future released this report detailing their analysis of cyber attacks by Chinese APT group(s?) against Indian critical infrastructure, primarily companies in the Indian power sector.

According to the analysis, the attackers introduced malware that Kaspersky named ShadowPad through the targeted organisations’ suppliers. This makes it the third very serious attack categorised as a supply chain attack within a short time, after the SolarWinds and Centreon attacks.

According to Recorded Future analysts, the attacks may have been underway as early as 2017 (when the first ShadowPad malware sample was found during the NetSarang incident), but the attacks multiplied after the Sino-Indian border incidents around Lake Ladakh in May 2020. The attacks have affected 10 different Indian power companies, including four out of five of the regular load dispatchers (now known as system operators in Europe). Several power plants (including a coal-fired thermal power plant) are among the facilities attacked, and beyond the power sector, port systems have also been hit, among others.

It is becoming increasingly apparent that disagreements between countries do not leave their civilian critical infrastructure untouched. After the attacks on the Ukrainian electricity system in 2015 and 2016, there have been reports of Russian attacks on the US electricity system, and US services have covert access to Russian systems (a modern, cyberspace version of the mutual assured destruction principle). This case (and others like it) suggests that, unlike with the proliferation of nuclear weapons, many more countries are developing their cyberspace capabilities at a very rapid pace. The question now is what the Hungarian authorities are doing about this, especially on the defence side.

***

The original guest post was published on the ICS cyber security blog.

Translated by DeepL.