Government insiders said India’s cybersecurity agency CERT-In (Indian Computer Emergency response Team) had in November detected ShadowPad malware, one of the largest supply chain attacks. The national grid operator and its regional units were on November 19 alerted about the malware and threats of other attempts at hacking.
On February 12, another government cybersecurity agency, NCIIPC (National Critical Information Infrastructure Protection Centre) rang the alarm bell over Red Echo, a Chinese state-sponsored actor group, trying to break into the grid control systems. It said the IPs in both ShadowPad and Red Echo instances matched. The agency sent out a list of the ‘hot’ IPs and domains.
India News: India on Monday said there is no impact on operations of Power System Operation Corporation (POSOCO) due to any malware attack and that prompt actions
Photo used for representation purpose only. File
| Photo Credit: Sushil Kumar Verma
In Mumbai, Anil Deshmukh said a preliminary Cyber Cell report on the power outage had been handed over to the State Energy Ministry. “State-sponsored” Chinese hacker groups had targeted various Indian power centres, the Union Power Ministry said on Monday, but added that these groups have been thwarted after government cyber agencies warned it about their activities. While the government refused to confirm or deny a
New York Times report, based on a U.S. cyber security firm’s claim that the Mumbai power outage in October 2020 was part of a coordinated cyber attack by China, it said it has suffered “no data breach” as a result of the threat.
Power Ministry says no impact on any functionalities of POSOCO due to malware attack indiatimes.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from indiatimes.com Daily Mail and Mail on Sunday newspapers.
Government Sites Said to Have Critical Vulnerabilities; NCIIPC and CERT-in Step In: Reports
The vulnerabilities reportedly exposed sensitive files, credentials, and police FIRs. By Shayak Majumder | Updated: 22 February 2021 19:36 IST
Photo Credit: Pexels/ Mati Mango
The critical issues included over 13,000 identifiable information instances
Highlights
US DoD Vulnerability Disclosure Program was involved to raise concerns
NCSC says remedial actions have been taken
Security researchers said they found thousands of critical vulnerabilities in dozens of government-run Web services, more than half of which reportedly belonged to state governments. Most of the services had multiple issues that included exposed credentials, leaks of sensitive files, and existence of known bugs. If exploited, these lapses could reportedly lead to deeper access within the government network, as per the researchers. The issues had been brought under the notice of the