India's Largest Integrated Power Company, Tata Power, Experienced Cyberattack

Tata Power Company Limited is an Indian electric utility company based in Mumbai, India.

As part of the larger Tata Group conglomerate company, Tata Power conducts its core business in generating, transmitting and distributing electricity.

With an installed electricity generation capacity of over ten thousand megawatt, Tata Power generates billions of dollars in revenue, by running major power plants in Gujarat, Mumbai, Jharkhand and 32 other locations across India.

This makes Tata Power the largest integrated power company in India.

The company also has operations in South Africa, Indonesia, Singapore and Bhutan.

And this time, the company experienced a cyberattack.

Tata Power
Besides having coal as its source for generating electricity, Tata Power also sources it from renewables.

The intrusion impacted "some of its IT systems," the company said in a filing with the National Stock Exchange (NSE) of India (PDF).

The company said that it is putting in place security guardrails for customer-facing portals to prevent unauthorized access.

And speaking about the scope of the attack, the company refused to disclose more data.

Tata Power refused to provide details on the nature of the attack, of when it took place, but said that it has taken steps to retrieve and restore the affected machines,

"As stated in the Statement, the Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning," a representative of the company said.

However, it is said that the network intrusions are related to a campaign discovered back in April 2022, found by Recorded Future’s Insikt Group researchers.

It is said that a China-linked threat actor is targeting "at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states."

The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka TAG-38.

Previously, the Insikt Group researchers reported a campaign aimed at India’s power grid can be attributed to China-linked threat actor RedEcho.

[block:block=87]

Victims of TAG-38 in India.
Victims of TAG-38 in India. (Credit: Recorded Future)

Citing a senior official from the Maharashtra Police’s cyber unit, it's confirmed that local authorities have warned of a threat to electricity companies in the country.

But even so, Indian External Affairs Ministry spokesperson Arindam Bagchi said the country had not raised this issue with China, according to a media report.

China’s foreign ministry spokesperson Zhao Lijian reportedly refuted the allegation.

Responding to the attack the Indian government highlighted the cybersecurity of the country’s nationwide electricity network as a challenge in its public statements.

This follows earlier statement by the government, which said that the issue with cyberattacks increasingly targeting power grids in the country has been addressed by Union Power Minister RK Singh.

He had said that the country’s power network is planed to receive a significant upgrade to be more “future-ready” and protect itself from cyberattacks.