Indian power generation giant Tata Power hit by a cyber attack

Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack.

Tata Power on Friday announced that was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company.

The company confirmed that the security breach impacted “some of its IT systems.”

“The Tata Power Company Limited had a cyber attack on its IT infrastructure impacting some of its IT
systems. The Company has taken steps to retrieve and restore the systems.” the company wrote in a filing with the National Stock Exchange (NSE) of India.

“All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points.”

The electricity giant immediately started operations to respond to the incident and restore the impacted systems.

The Economic Times, citing a senior official from the Maharashtra Police’s cyber unit, confirmed that local authorities warned of a threat to electricity companies in the country, including Tata Power.

The companies are conducting an assessment of their IT infrastructure to percent intrusions and mitigate the risks of cyber attacks.

At this time the company has yet to provide details about the cyber attack.

In April, Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations.

The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka TAG-38.

In February 2021, Insikt Group researchers reported a campaign aimed at India’s power grid that was attributed to China-linked threat actor RedEcho.

The attackers employed a modular backdoor dubbed ShadowPad, an implant used by several groups linked to the People’s Liberation Army (PLA) and the Ministry of State Security (MSS).

In Early 2022, a series of attacks targeted at least 7 Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states.

The attacks hit systems located in North India, in proximity to the disputed India-China border in Ladakh.

The attacks, which likely started in September 2021, aimed at gathering intelligence on critical infrastructure systems in preparation for future intrusions.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Tata Power Company Limited)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.