Indian power generation giant Tata Power hit by a cyber attack

Pierluigi Paganini October 15, 2022

Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack.

Tata Power on Friday announced that was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company.

The company confirmed that the security breach impacted “some of its IT systems.”

“The Tata Power Company Limited had a cyber attack on its IT infrastructure impacting some of its IT
systems. The Company has taken steps to retrieve and restore the systems.” the company wrote in a filing with the National Stock Exchange (NSE) of India.

“All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points.”

The electricity giant immediately started operations to respond to the incident and restore the impacted systems.

“All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points, it added.” reported The Economic Times.

The Economic Times, citing a senior official from the Maharashtra Police’s cyber unit, confirmed that local authorities warned of a threat to electricity companies in the country, including Tata Power.

The companies are conducting an assessment of their IT infrastructure to percent intrusions and mitigate the risks of cyber attacks.

At this time the company has yet to provide details about the cyber attack.

In April, Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations.

The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka TAG-38.

In February 2021, Insikt Group researchers reported a campaign aimed at India’s power grid that was attributed to China-linked threat actor RedEcho.

The attackers employed a modular backdoor dubbed ShadowPad, an implant used by several groups linked to the People’s Liberation Army (PLA) and the Ministry of State Security (MSS).

In Early 2022, a series of attacks targeted at least 7 Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states.

Indian power grid 2

The attacks hit systems located in North India, in proximity to the disputed India-China border in Ladakh.

The attacks, which likely started in September 2021, aimed at gathering intelligence on critical infrastructure systems in preparation for future intrusions.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Tata Power Company Limited)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment