Mumbai Blackout Uncovered: Hackers Hacked Mumbai Power Grid

During October 12, India’s financial state Mumbai suffered a massive blackout that left medical facilities, stock exchanges and other critical infrastructure under severe risks. A recent report states that local authorities have linked this incident to malicious hacking activities. 

An anonymous source has shared with local media that multiple ‘suspicious’ logins on the supply and transmission utility servers were detected during a month-long probe; the vast majority of these detected accounts came from Asian countries such as Singapore. Indian agents keep investigating in coordination with local authorities.

A recently disclosed report by cybersecurity firm CYFIRMA mentioned that up to 4 different state sponsored threat actors could be involved in the massive power shutdown, including hacking groups such as Mission 20205, APT35, Stone Panda and Lazarus Group. Nonetheless, there are no more details about the attack, so Indian authorities are unable to add more information.

About the incident, Maharashtra’s Energy Minister Nitin Raut said that the possibility of a cyberattack could not be ruled out: “There was a technical problem and the Kharghar unit stopped. There was an islanding failure in Mumbai, which shouldn’t have happened in normal conditions. This is the reason that the possibility of sabotage is real,” he said.

Back in June, there was another breach at the Jammu and Kashmir Power Department’s IT infrastructure. Not only was the department rendered inoperable for three days; its website and mobile app were also under attack. Neel Kamal Singh from the IT department of the J&K Power Department mentioned that it was a ransomware infection, where all official files and data have been encrypted by an unknown group of threat actors. Before the attack was comlpeted, the hackers were able to compromise at least four IT servers.