Journalism of Courage
Premium

Suspected Chinese hackers collect intelligence from India’s grid near Ladakh

The hackers focused on at least seven “load dispatch” centers in northern India that are responsible for carrying out real-time operations for grid control and electricity dispersal in the areas they are located, near the disputed India-China border in Ladakh, the report said.

Chinese hackers, China India, India's grid. India intelligence china, China india news, India news, Indian expressThe hackers compromised an Indian national emergency response system and a subsidiary of a multinational logistics company, according to the report. (File Photo: Indian Army/AP)
Advertisement

Suspected state-sponsored Chinese hackers have targeted the power sector in India in recent months as part of an apparent cyber-espionage campaign, the threat intelligence firm Recorded Future Inc. said in a report published Wednesday.

🗞️ Subscribe Now: Get Express Premium to access the best Election reporting and analysis 🗞️

The hackers focused on at least seven “load dispatch” centers in northern India that are responsible for carrying out real-time operations for grid control and electricity dispersal in the areas they are located, near the disputed India-China border in Ladakh, the report said. One of the load dispatch centers previously was the target of another hacking group, RedEcho, which Recorded Future has said shares “strong overlaps” with a hacking group that the U.S. has tied to the Chinese government.

“The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence gathering opportunities,” the Recorded Future report states. “We believe this is instead likely intended to enable information gathering surrounding critical infrastructure and/or pre-positioning for future activity.”

In addition, the hackers compromised an Indian national emergency response system and a subsidiary of a multinational logistics company, according to the report.

The hacking group, dubbed TAG-38, has used a kind of malicious software called ShadowPad, which was previously associated with China’s People’s Liberation Army and the Ministry of State Security, according to Recorded Future. Researchers didn’t identify the victims by name.

Jonathan Condra, a senior manager at Recorded Future, said the method the attackers used to make the intrusions — using compromised internet of things devices and cameras — was unusual. The devices used to launch the intrusions were based in South Korea and Taiwan, he said.

Story continues below this ad

The Chinese Ministry for Foreign Affairs didn’t respond to a request for comment by press time. Beijing has consistently denied involvement in malicious cyber activity. Indian authorities also didn’t respond to a request for comment.

Curated For You
Dhurandhar ​Box Office Collection ​Day 1​5 ​Worldwide​ Latest Update: Ranveer Singh film is second fastest to earn Rs 500 cr net in India, earns Rs 16.6 cr on day 16
India Squad for T20 World Cup 2026 Announcement LIVE Updates: Shubman Gill dropped from squad
Sreenivasan Death News Live Updates: Mohanlal, Mammootty pay last respects; Kamal Haasan, Rajinikanth mourn demise

Stay updated with the latest - Click here to follow us on Instagram

Tags:
Edition
search
Install the Express App for
a better experience
Featured
Today's E-paper
Dec 20, 2025
Trending Topics
News
Multimedia
Follow Us
Express PremiumGDP: Anatomy of rupee weakness against the dollar
X