How Chinese Hackers Targeted India's Power Grid Amid Border Tensions
Amid escalating China‑India border tensions, coordinated Chinese hacking groups launched cyber attacks on Indian critical infrastructure, compromising power generation and transmission systems, while retaliatory Indian state‑sponsored actors also deployed spear‑phishing campaigns against Chinese military and government entities.
According to reports from Hackernews, during heightened China‑India border tensions Chinese hackers organized cyber attacks against Indian infrastructure, including the power grid.
The attacks, which occurred in May 2020 during the most severe stalemate, targeted twelve organizations, ten of which were in power generation and transmission. Ten Indian power entities, including four of five Regional Load Dispatch Centres (RLDCs) responsible for balancing supply and demand, were identified as coordinated targets, along with two Indian seaports.
The main victims included NTPC Ltd. and a power plant that supplies the Delhi power system.
Indian cybersecurity firm Insikt Group traced the intrusion to an organization named “RedEcho,” which shares infrastructure with Chinese hacking groups APT41 (also known as “Evil Panda”) and Tonto, suggesting possible personnel overlap.
Following a deadly clash in the Galwan Valley that killed 20 Indian soldiers (with China reporting four casualties), India banned over 200 Chinese‑operated apps for allegedly threatening national security and sovereignty.
Another cybersecurity firm, Recorded Future, noted an increase in China‑India cyber espionage, with the attacks using the same AXIOMATICASYMPTOTE infrastructure through which the ShadowPad Windows backdoor has been shared among state‑level actors like APT4.
During a small‑scale clash last year, a power outage in Mumbai brought the city to a standstill and raised suspicions of hacker involvement, though Maharashtra’s cybersecurity department said there was no definitive link between the outage and the malware that was discovered.
Officials later confirmed that the attacks on the load‑dispatch centres were coordinated.
The attacks were linked to a Chengdu‑based tech company called “404 Network,” known for targeting gaming products.
In retaliation, within weeks of the May conflict, India‑sponsored group Sidewinder used COVID‑related bait and spear‑phishing to attack Chinese military and government entities.
This large‑scale cyber campaign underscores that critical infrastructure is a lucrative target for attackers seeking to disrupt services used by millions.