Hyderabad: The state-run Telangana power company claims to have thwarted a potential Chinese-origin cyberattack on its systems after an alert from the Computer Emergency Response Team of India (CERT-In), the country’s nodal agency to deal with cybersecurity threats.
About 40 sub-stations in the state were affected by “Chinese malware” but state government officials managed to remove it, Telangana Transco and Genco Chairman and MD D. Prabhakar Rao told ThePrint.
Detailing the tip-off, he said CERT-In sent the state an alert from a “trusted source” that “China-based threat actor Group Command and Control servers” are trying to communicate with systems belonging to the State Load Dispatch Centre (SLDC), which manages the power supply in the state.
CERT-In also advised the company to take suitable precautionary measures to ensure security of the power system, he added.
“We received an alert about a couple of days ago — it has not even been a week — about a potential cyberattack. Our officials sprang into action, and were able to thwart the attack on time,” he said. “We took all preventive steps such as improving our systems, firewall upgrading etc. The Chinese malware entered about 40 sub-stations in SLDC, but we were able to remove it. The situation is now under control.”
Rao’s claims come days after a report in The New York Times quoted a US cybersecurity firm’s findings to state that the October 2020 power outage in Mumbai could be “part of a broad Chinese cybercampaign against India’s power grid”.
According to the cybersecurity firm’s report, the NYT reported, a stream of Chinese malware has been “flowing into the control systems” that manage India’s electricity supply.
Earlier this week, Union Minister of State for Power R.K. Singh denied a Chinese role in the outage, blaming it on “human error”.
Several measures taken
Several measures were taken to guard Telangana’s power systems against any attack, Rao said. These included blocking the server IPs communicated by CERT-In, temporarily disabling the control function for remote operation of circuit breakers from SLDC, changing user credentials for all the people accessing the website of the SLDC, and isolating suspected equipment within the perimeter of the SCADA control centre to ensure the safety of the grid.
A unit of Transco, the Supervisory Control And Data Acquisition (SCADA) control centre is tasked with quickly detecting power outages and accurately determining the location of the fault.
Telangana, Rao said, is one of seven states where “Chinese hackers tried to communicate with power systems”.
In 2019, the website of the Telangana State Southern Power Distribution Company Limited (TSSPDCL), which supplies power to several districts, including Hyderabad, was attacked by ransomware — malware that holds systems hostage until the hackers get the ransom sought.
This affected its services, including online payments. The hacker demanded a ransom in bitcoins. However, police were subsequently quoted as saying that they could restore the system without paying any ransom.