Security News > 2021 > March > Malware attack that crippled Mumbai's power system came from China, claims infosec intel outfit Recorded Future
Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid.
The attack is considered the probable source of Mumbai's power outage in October of the same year.
"Using a combination of proactive adversary infrastructure detections, domain analysis, and Recorded Future Network Traffic Analysis, we have determined that a subset of these AXIOMATICASYMPTOTE servers share some common infrastructure tactics, techniques, and procedures with several previously reported Chinese state-sponsored groups, including APT41 and Tonto Team," the Recorded Future report said.
The firm said most of the malware was not activated and the associated power outage was the result of a subset of the payload. Recorded Future did not have access to India's power system code to analyse in further detail.
Recorded Future hypothesised that last year's power outages in Mumbai, which caused mass chaos in the city's infrastructure - ranging from trains to hospitals to financial centre operations - were a "Show of force" designed to warn India of China's capabilities.
Union power minister RK Singh did concede that a software nasty got into India's northern and southern region load dispatch centers, though the impact was limited, we're told.
News URL
Related news
- China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations (source)
- The Biggest Takeaways from Recent Malware Attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Singapore infosec boss warns China/West tech split will be bad for interoperability (source)
- CoralRaider attacks use CDN cache to push info-stealer malware (source)
- Researchers unveil novel attack methods targeting Intel’s conditional branch predictor (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)