Cybersecurity specialists from Insikt Group reported cyberattacks on the networks of seven Indian State Load Dispatch Centers (SLDCs), which carry out real-time operations for network management and electricity dispatching. All seven SLDCs are located near the India-China border in Ladakh.
According to the experts, in addition to the attacks on network assets, the malicious campaign affected the national emergency response team and the Indian branch of a logistics company. The cyberattacks used a Trojan called ShadowPad, which is allegedly linked to contractors serving China's Ministry of State Security.
Experts believe that the TAG-38 group penetrated the systems through third-party devices, such as internet-connected IP cameras, which may have remained vulnerable because default credentials were still in place.
Because the series of attacks was prolonged, the attackers' purpose was to collect information about critical infrastructure, not financial gain. Such information can later be used to gain access to the systems and carry out destructive actions.