‘It was sabotage’ — Maharashtra energy minister says cyberattack caused Mumbai power outage

New Delhi: The massive power outage that brought much of Mumbai to a standstill for hours last October was caused by a cyberattack, said Maharashtra Energy Minister Nitin Raut Monday, who called it an act of “sabotage”.

Raut said the state government, the Maharashtra Electricity Regulatory Commission (MERC) and the Central Electricity Authority had set up separate committees to probe the cause of the outage and their reports have been received.

A 28 February New York Times report stated that the outage could be a “part of a broad Chinese cybercampaign against India’s power grid”. Citing a study by a US cyber security firm, NYT said a stream of Chinese malware had been “flowing into the control systems” that manage India’s electricity supply.

The Chinese embassy in India put out a statement denying China had any role in the cyber attacks.

In a tweet, the spokesperson said China was a “staunch defender of cyber security” and  said it was “highly irresponsible to accuse a particular party with no sufficient evidence”.

FM Spokesperson: As staunch defender of cyber security, China firmly opposes&cracks down on all forms of cyber attacks. Speculation&fabrication have no role to play on the issue of cyber attacks.Highly irresponsible to accuse a particular party with no sufficient evidence around. pic.twitter.com/1aB60A4pRR

— Spokesperson of Chinese Embassy in India (@ChinaSpox_India) March 1, 2021

Earlier in the day, Sanjay Shintre, superintendent of police (SP), Maharashtra Cyber, said the cybersecurity agency had not found any proof that linked the China-backed hackers with the power outage.

“There is no concrete evidence Chinese hackers disrupted the Mumbai power supply,” he told ThePrint.

“There were suspicions of Chinese involvement because of clues like internet traffic originating from China. However, no FIR has been registered in this power outage issue. There were technical experts from institutes from Mumbai and nearby who investigated the power outage, but the technical experts did not conclude that Chinese hackers had caused the Mumbai power outage,” he added.

Maharashtra Cyber is the nodal agency for cybersecurity issues under the home department of the Maharashtra government. Shintre took charge of the agency in February 2021.

The Union Ministry of Power had also issued a statement on the cyber threat identified by the US firm, which nicknamed the hackers ‘RedEcho’.

“There is no impact on any of the functionalities carried out by POSOCO due to the referred threat. No data breach/data loss has been detected due to these incidents,” the statement said. However, it did not address the claims about the Mumbai power outage.

The US firm’s study said that several other Indian entities could have also been attacked by RedEcho. These “suspected victim” organisations include Power System Operation Corporation Limited (POSOCO), Kudgi Super thermal power station in Karnataka, and the maritime port Mumbai Port Trust.

ThePrint emailed several Indian government officials, including the National Cyber Security Coordinator (NCSC) Lt Gen Rajesh Pant, Director General of Indian Computer Emergency Response Team (CERT-In) Dr Sanjay Bahl, and the help desk of the National Critical Information Infrastructure Protection Centre (NCIIPC) for a comment on the alleged Chinese malware campaign against India.

Pant replied saying he was yet to receive a detailed report from the Maharashtra government.

The report will be updated when they respond.

Also read: China hacked Indian govt teleconference in 2017 — US think-tank reiterates old report

What the reports say

Citing the cyber threat monitoring firm the Recorded Future, NYT reported: “The study shows that as the standoff [between India and China] continued in the Himalayas … Chinese malware was flowing into the control systems that manage electric supply across India…”

The NYT article and the study both linked to an India Today report about the Mumbai power outage.

On 13 October last year, Mumbai faced at least two hours of power outage, starting at 10 am, that brought railway services to a halt as well as the stock exchange and commercial offices. In the suburban central Mumbai area, the outage lasted 10-12 hours. Intensive care units at government hospitals and Covid centers were forced to run on back-up power supplies during this term.

“News reports at the time quoted Indian officials as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center,” NYT said, citing the India Today report. 

However, the India Today report said the Maharashtra Cyber, based on initial findings, suspected the power outage was caused by malware on computers at a state load despatch center around Padgha. State-level load despatch centres are set up to manage and monitor the efficient despatch of electricity across a state.

It also noted that China-based hackers had been carrying out a series of attacks on the Indian cyberspace in the aftermath of the Galwan clash in June 2020, citing sources from Maharashtra Cyber.

The study by the Recorded Future, on which the NYT report is based, said the possibility of China-linked hackers infusing malware to cause a Mumbai power outage “remains unsubstantiated”.

(With inputs from Soniya Agarwal)

(This report has been updated with the statement by the Maharashtra energy minister, the NCSC’s response and a statement by the spokesperson of the Chinese embassy in India.)

Also read: Why paying hackers a ransom for your data isn’t the best idea