CERT-In had alerted grid controllers about China-backed cyberattacks in November
SECTIONS
Share
Synopsis
A New York Times report on Sunday cited a study by Recorded Future, a Massachusettes-based outfit that studies the internet use by state actors, to raise doubt Chinese state-backed hackers may have caused the October 12 power outage in Mumbai to warn India against strong pushback in the border row in Ladakh.
Agencies
The national grid operator and its regional units were on November 19 alerted about the malware and threats of other attempts at hacking.
(This story originally appeared in on Mar 01, 2021)NEW DELHI: A stitch in time saved India a major power outage and huge economic cost. Government insiders said additional safeguards were deployed as early as November to protect the national power grid from hacking, possibly by Chinese state-backed hackers.
Government insiders said India’s cybersecurity agency CERT-In (Indian Computer Emergency response Team) had in November detected ShadowPad malware, one of the largest supply chain attacks. The national grid operator and its regional units were on November 19 alerted about the malware and threats of other attempts at hacking.
On February 12, another government cybersecurity agency, NCIIPC (National Critical Information Infrastructure Protection Centre) rang the alarm bell over Red Echo, a Chinese state-sponsored actor group, trying to break into the grid control systems. It said the IPs in both ShadowPad and Red Echo instances matched. The agency sent out a list of the ‘hot’ IPs and domains.
Government Sites Said to Have Critical Vulnerabilities; NCIIPC and CERT-in Step In: Reports
The vulnerabilities reportedly exposed sensitive files, credentials, and police FIRs. By Shayak Majumder | Updated: 22 February 2021 19:36 IST
Photo Credit: Pexels/ Mati Mango
The critical issues included over 13,000 identifiable information instances
Highlights
US DoD Vulnerability Disclosure Program was involved to raise concerns
NCSC says remedial actions have been taken
Security researchers said they found thousands of critical vulnerabilities in dozens of government-run Web services, more than half of which reportedly belonged to state governments. Most of the services had multiple issues that included exposed credentials, leaks of sensitive files, and existence of known bugs. If exploited, these lapses could reportedly lead to deeper access within the government network, as per the researchers. The issues had been brought under the notice of the
Highlights
The last version which is older than 88.0.4324.146 for Mac, Linux and Windows systems has come up with a lot of challenges and issues.
This could have a drastic effect on the user as it could help an attacker to execute arbitrary code, could view, change or delete data in the targeted system.
Google has already rolled out the beat version of Chrome 89.
After discovering vulnerabilities, the Indian Computer Emergency Response Team(CERT-In) has now issued an advisory to update the Google Chrome browser to the latest version. The last version which is older than 88.0.4324.146 for Mac, Linux and Windows systems has come up with a lot of challenges and issues.