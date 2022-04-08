In a cyber-espionage attack on the Indian power sector, Chinese hackers, codenamed Threat Activity Group 38, recently targeted power distribution centres in Ladakh near the Indo-China border and at least seven load-dispatching centres in Northern India, according to the intelligence report on the hacking of the grid accessed by News18.

The report states the hackers used malicious software Trojan Shadow Pad for this operation. “Trojan is a Chinese state hacking tool, which concludes it was a state-sponsored hacking. Shadow Pad is used by People Liberation Army and Ministry of State Security Group. They have used Poison Ivy and Royal Road IT for TAG 38 operation," added the report.

Hackers gained access to the centres through a third-party configuration connected to IP camera network. “We view this targeting as economic espionage and also some traditional espionage activity. Earlier, they attempted similar attacks on 10 dispatch centres," stated the report.

Their idea would be to target critical infrastructure in the country or possibly pre-position themselves for future activities, said sources.

Earlier, the hackers attacked a private service provider or logistics service organisation to derail operations. Another group, TAG 26, is also active in attacking the Indian Emergency Response System, said sources.

Top intelligence sources who spoke to News18 said, “This is part of the ongoing hacking attempts by all spy agencies. We have to upgrade from time to time. We have taken all precautions and in the future, too, the systems will be upgraded."

