(This was originally posted in The Sunday Guardian Live by Abhinandan Mishra)
Pakistan-based hackers carried out a significant cyberattack on India-based power generation and transmission organizations and, as per reports, the attack is still continuing. The hackers have also targeted infrastructure assets in Afghanistan, but most of their "victims" are based in India.
The hackers were, and are, using the network of CMPak Limited, the China Mobile Limited subsidiary that operates in Pakistan under the brand name Zong 4G. The Chinese government controls China Mobile Limited through China Mobile Communications Group Company Limited, which has 100% ownership of China Mobile Group Limited, which in turn holds a 70% stake in China Mobile Limited; the remaining 30% is with public investors.
The collaboration between China and Pakistan in the field of cyber warfare, especially against Indian interest, is well documented and has been described as a prominent concern by Indian officials who track such developments. China has invested billions of dollars, most of them as a part of the CPEC funding, to develop cyber capabilities in Pakistan, including material and human assets.
During the present attack, the Pakistan-based actors were able to exfiltrate critical files and to delete, copy and rename files, create directories, take screenshots, run commands, launch processes and shut down the computer systems used by these Indian infrastructure operators. The attack started in January this year and used decoy PDF documents whose names were chosen to give the impression that they were associated with the organizations being targeted.
Some of the files were named: EngrCorpsPolicy.zip, vaccination.zip, Call-for-Proposal-DGSP-COAS-Chair-Excellance.pdf.lnk, DATE-OD-NEXT-INCREMENT-ON-UP-GRADATION-OF-PAY-ON-01-JAN-AND-01-JUL.pdf.lnk, Covid Vaccination On Emergency Basis for All Employees and their Familes.pdf.lnk, and certindia.ignore list.com. Other decoys used the CoWIN vaccine-registration link to lure government officials into opening and downloading documents that compromised their systems. These cyberattacks were discovered by Lumen Technologies, a company based in Monroe, Louisiana, United States.
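The lure filenames above share one trick: a Windows shortcut (.lnk) carrying a document extension in front of it, delivered inside a ZIP. Explorer never displays the .lnk extension, so a file named "Invitation.pdf.lnk" appears to the user as "Invitation.pdf". The following is an added triage check, not code from the article or from Lumen's report: it flags archive entries whose name ends in a document extension followed by .lnk, and separately flags entries whose content starts with the Windows shell-link header but carries some other extension. The sample archive and its entry names are constructed for the example; only the ".pdf.lnk" naming pattern comes from the article.

```python
import io
import zipfile
from dataclasses import dataclass
from typing import List, Optional

# Extensions a user expects to open as a document; a .lnk hiding behind one
# of these is a shortcut dressed up as a document.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx",
            ".ppt", ".pptx", ".txt", ".jpg", ".png"}
SHORTCUT_EXT = ".lnk"

# Fixed 20-byte prefix of a Windows shell link (MS-SHLLINK): HeaderSize 0x4C
# followed by the LinkCLSID {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")


@dataclass(frozen=True)
class Finding:
    name: str
    reason: str


def is_disguised_shortcut(name: str) -> bool:
    """True for 'something.pdf.lnk': a shortcut wearing a document extension.
    Explorer never shows .lnk (NeverShowExt), so the user sees 'something.pdf'."""
    lowered = name.lower().strip()
    if not lowered.endswith(SHORTCUT_EXT):
        return False
    stem = lowered[: -len(SHORTCUT_EXT)]
    return any(stem.endswith(ext) for ext in DOC_EXTS)


def check_name(name: str) -> Optional[Finding]:
    if is_disguised_shortcut(name):
        return Finding(name, "shortcut (.lnk) disguised with a document extension")
    return None


def check_entry(name: str, head: bytes) -> Optional[Finding]:
    """Name check first, then a content check on the first bytes: a shell-link
    header under a non-.lnk name is a mismatch worth a look."""
    by_name = check_name(name)
    if by_name:
        return by_name
    if head.startswith(LNK_MAGIC) and not name.lower().endswith(SHORTCUT_EXT):
        return Finding(name, "shell link header under a non-.lnk extension")
    return None


def scan_zip_bytes(data: bytes) -> List[Finding]:
    """Walk a ZIP held in memory and return every suspicious entry."""
    findings: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            finding = check_entry(info.filename, head)
            if finding:
                findings.append(finding)
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive for this example (entry names are invented)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("EngrCorpsPolicy.pdf.lnk", LNK_MAGIC + b"\x00" * 40)  # named lure
        zf.writestr("invitation.pdf", LNK_MAGIC + b"\x00" * 40)           # renamed lure
        zf.writestr("report.pdf", b"%PDF-1.4\n1 0 obj\n")                  # real PDF header
        zf.writestr("notes.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip_bytes(build_sample_zip()):
        print(f"{f.name}: {f.reason}")
```

The name check alone catches the filenames quoted in the article; the header check is there because the same shortcut renamed to a bare ".pdf" would slip past a name-only rule. In a mail gateway or SOC pipeline the same two checks apply to attachments before the archive reaches a user.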
As per Lumen, the actors behind these attacks were/are operating from Pakistan and using a network provided by Pakistani mobile data operator CMPak Limited, whose parent is China Mobile Limited, which is state owned.
In one such attack, the hackers sent a decoy document that resembled an invitation card for an event that was being organized by the Bombay Engineer Group, also known as the Bombay Sappers, a regiment of the Corps of Engineers of the Indian Army, which is based at Khadki in Pune. The Group completed its 200 years in service in January last year. The fact that multiple such decoy documents were named in a way to attract military personnel suggests that apart from civilian assets like power plants, assets of the Indian military, too, were compromised by the hackers.
It is pertinent to mention that the power outage that Mumbai faced in October 2020 was linked to cyberattacks by independent researchers and media reports. However, the government had denied that the outage was a result of a cyberattack. The Sunday Guardian had warned in July 2020 that the country’s power grid was under imminent threat of cyberattacks in the coming days.