CERT-In had alerted grid controllers about China-backed cyberattacks in November

NEW DELHI: A stitch in time saved India a major power outage and huge economic cost. Government insiders said additional safeguards were deployed as early as November to protect the national power grid from hacking, possibly by Chinese state-backed hackers.

A New York Times report on Sunday cited a study by Recorded Future, a Massachusettes-based outfit that studies the internet use by state actors, to raise doubt Chinese state-backed hackers may have caused the October 12 power outage in Mumbai to warn India against strong pushback in the border row in Ladakh. The report, however, said the study did not have sufficient evidence to substantiate this doubt.

"There has been no impact on any operation and there was no data breach or loss," the government said in a statement on Monday.

Government insiders said India’s cybersecurity agency CERT-In (Indian Computer Emergency response Team) had in November detected ShadowPad malware, one of the largest supply chain attacks. The national grid operator and its regional units were on November 19 alerted about the malware and threats of other attempts at hacking.

On February 12, another government cybersecurity agency, NCIIPC (National Critical Information Infrastructure Protection Centre) rang the alarm bell over Red Echo, a Chinese state-sponsored actor group, trying to break into the grid control systems. It said the IPs in both ShadowPad and Red Echo instances matched. The agency sent out a list of the ‘hot’ IPs and domains.

Between these two alerts, IT groups with the grid operators activated additional safety protocols. All control centres blocked the IPs and domains listed by NCIIP in their firewalls. A closer watch was maintained on firewall logs at all control centres. Additionally, all systems in control centres were scanned and cleaned by antivirus.

Meanwhile, Chinese foreign ministry spokesperson Wang Wenbin on Monday said it was “highly irresponsible” to accuse a particular party when there is no sufficient evidence”. "China firmly opposes and cracks down on all forms of cyberattacks. Speculation and fabrication have no role to play on the issue of cyberattacks, as it is very difficult to trace the origin of a cyberattack.”