Malware attack that crippled Mumbai's power system came from China, claims infosec intel outfit Recorded Future

Malware attack that crippled Mumbai's power system came from China, claims infosec intel outfit Recorded Future

Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid.


In a blog post and white paper (which requires registration to access), the firm said it had seen a notable increase in targeted attacks on India from China state-sponsored groups.

The cybersecurity firm has named the offenders "RedEcho."


The incident it referred to took place last year, during the India/China border standoff in May. Malware was injected into 10 Indian power sector organisations and a pair of Indian seaport operators. The attack is considered the probable source of Mumbai's power outage in October of the same year.

"Using a combination of proactive adversary infrastructure detections, domain analysis, and Recorded Future Network Traffic Analysis, we have determined that a subset of these AXIOMATICASYMPTOTE servers share some common infrastructure tactics, techniques, and procedures (TTPs) with several previously reported Chinese state-sponsored groups, including APT41 and Tonto Team," the Recorded Future report said. "AXIOMATICASYMPTOTE" is the name given to the malware infrastructure.


The firm said most of the malware was not activated and the associated power outage was the result of a subset of the payload. Recorded Future did not have access to India's power system code to analyse in further detail. The cybersecurity company said it had contacted Indian authorities, which to date have largely kept quiet on the issue.


Tech-related tensions between the two nations saw India ban over 100 Chinese apps while also creating malware attack crippled mumbai power system china claims infosec intel outfit recorded future