In a chilling cyber-espionage campaign, state-linked Chinese hackers have been probing India’s power grid so closely, experts say, that they were almost in a position to knock out electricity for a billion people.
That’s not speculation. According to a report by Recorded Future, a U.S.-based threat-intelligence firm, Chinese cyber teams have targeted at least seven “load dispatch” centers in northern India. These centers are critical for real-time operations that control electricity flow.
The attacks were not random. They were highly focused, and likely designed for “information gathering surrounding critical infrastructure,” rather than simple theft. Recorded Future says this could be part of “pre-positioning for future activity.” In other words: this could be more than spying; it could be a dry run.
The hackers reportedly used malware called ShadowPad, a tool that has been linked to Chinese state agencies, including the Ministry of State Security and even the People’s Liberation Army. What’s striking is how they carried out the attacks: not just through corporate servers, but via compromised Internet-of-Things devices (think CCTV cameras, DVRs), many based in South Korea and Taiwan. It’s a reminder that even your home security camera can be a weapon in a state-sponsored cyberwar.
Indian counter-cyber agencies didn’t just sit back. CERT-In (Indian Computer Emergency Response Team) had warned grid controllers about Chinese-backed cyberattacks as early as November. They flagged critical IP addresses and domains, and firewalls were strengthened in response. According to insiders, antivirus scans and additional security measures were rolled out across control centers.
Still, there were gaps. A recent audit showed that more than 270 substations across India lack “next-generation” firewalls, systems that detect and prevent intrusions. Installing these firewalls would cost the Power Grid Corporation an estimated ₹119 crore, and officials have said that fitting this into the current operations budget is “difficult.” That’s a big price for digital safety, but in cyberspace, the cost of not paying can be far greater.
India’s government says, so far, there has been “no impact on any operation” of its power grid from these malware attacks. According to the Ministry of Power, there’s “no data breach / data loss” detected, and the critical control operations remain intact. Still, experts caution that not all cyber threats lead to immediate, visible damage; sometimes the worst attacks are the ones that prepare the battlefield.
The suspected Chinese hackers have repeatedly denied the allegations. Beijing’s foreign ministry spokesperson has said it is “highly irresponsible” to accuse China when “there is no sufficient evidence.” That denial has become almost a ritual in these cases, but it does little to quiet the tension.
The situation raises serious questions about India’s cyber-defense readiness. With hundreds of thousands of attacks reportedly foiled in one tight period, India’s cyber agencies have their hands full. Meanwhile, according to reports, many grid control centers remain vulnerable because of missing or weak firewalls.
There are also broader geopolitical implications. The targeted load dispatch centers are located near Ladakh, a region with long-standing tension between India and China.
According to Recorded Future, the hackers’ focus on this region suggests a strategic motive, not just espionage. If the hackers were merely after telecom secrets or trade data, they might have cast a wider net. Instead, they zeroed in on centers that, in a worst-case scenario, could be used to inflict blackout-level damage.
Some argue that this may be part of a broader “cyber signalling” campaign, a way for China to warn India without going to war. In that sense, the cyber probe is not just technical, but psychological.
In response, India created a dedicated cyber response team for its power sector, the CSIRT-Power, under the Central Electricity Authority. The idea is to better monitor cyber threats, coordinate rapid responses, and conduct forensic analysis. But setting up the team is only half the job: it needs real muscle, resources, and constant vigilance.
To be fair, India’s been on alert. According to reports, more than 200,000 cyberattacks on its power grid were allegedly foiled over just a few days in May. That’s not a small number, but it’s also a reminder of how exposed critical infrastructure remains.
No one is claiming that India’s lights went out thanks to this cyber campaign, not yet at least. But the fact that a stealthy, state-linked group came this close is causing national security experts to lose sleep. And rightly so.







