Tata Power Company Limited, the largest integrated power company in India, was recently targeted by a cyber-attack. According to India’s National Stock Exchange (NSE), “some of its IT systems” were impacted by the intrusion. It stated that procedures had been made to recover and restore the compromised workstations and that security guardrails had been installed on customer-facing portals to prevent unauthorized access. The Mumbai-based electric utility company, part of the Tata Group conglomerate, did not provide any further details about the attack’s nature or when it occurred. However, Recorded Future recently disclosed attacks launched by China-linked adversaries that targeted Indian power grid groups.
According to their report, “the network intrusions were said to have been aimed at seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states.” The attacks were linked to Threat Activity Group 38 (TAG-38). The company concluded that the targeting is likely intended for future activities or is designed to enable information collecting linked to critical infrastructure assets. China denied its involvement, stating “many of U.S. allies or countries with which it cooperates on cybersecurity are also victims of U.S. cyber-attacks.”