The Chinese government has dismissed the findings of a US study that claimed a cyber attack launched by Beijing may have caused the massive power outage that hit India’s financial capital Mumbai last year.
Chinese foreign ministry spokesperson Wang Wenbin slammed the report as accusing China of conducting a cyber attack without evidence, describing it as “speculation and fabrication”.
“As a staunch defender of cyber security, China firmly opposes and cracks down on all forms of cyber attacks,” Mr Wenbin said at a regular press conference.
“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around. China is firmly opposed to such irresponsible and ill-intentioned practice,” he added.
More than 20 million people were plunged into darkness for more than 12 hours in Mumbai in October last year with trains stranded across the city, hospitals left struggling on generators to keep ventilators running and mobile services collapsed.
A study by a US cybersecurity firm, first reported by the New York Times, found Chinese malware flowing across India’s power supply system at the time, and suggested the alleged attack might have been intended as a "warning" to Delhi as the two countries were locked in the worst military standoff on their contested border for decades.
The study, by Massachusetts-based firm Recorded Future, blamed a Chinese state-sponsored group named Red Echo for “systematically utili[sing] advanced cyberintrusion techniques” to gain control of power generation infrastructure in India.
While China’s statement on Tuesday was unequivocal, the response of the Indian authorities since the New York Times report has been mixed.
On Monday, Mumbai’s state government appeared to confirm the US firm’s findings. Nitin Raut, Maharashtra’s energy minister, said: “There is truth in the claims made by NYT. We had formed three committees to inquire into the matter. We will receive a detailed report from the cyber department but based on the preliminary information I have, there definitely was a cyber attack and it was a sabotage.”
But this was then contradicted by the federal power minister, R K Singh, who said: “Two teams investigated the power outage and submitted that the outage was caused by human error and not due to cyber attack. One of the teams submitted that cyber attack did happen but they were not linked to the Mumbai grid failure.”
Finally, Maharashtra’s home minister Anil Deshmukh said on Tuesday that the issue should not be “politicised” and that the country should remain alert, as “such attacks” could happen anywhere in India.
The study by Recorded Future said a “steep rise” in activities by China-based hackers had been observed that “targeted large swathes of the Indian power grid since mid-2020” – when the border standoff in Ladakh resulted in the deaths of dozens of soldiers.
The latest development comes as the two countries’ militaries reached a breakthrough in talks to disengage from the Himalayan territory after a tense nine-month border stand-off. Both armies have successfully pulled back from a lake on the border, only the first phase in the planned withdrawal of troops and artillery from several key friction points.
Meanwhile, Chinese hackers were reported to have also targeted the IT systems of the two major Indian vaccine makers, Serum Institute of India and Bharat Biotech, both of which have had jabs approved in India, cyber intelligence firm Cyfirma told Reuters on Monday.