Heimdal
article featured image

Contents:

The Multibillion-dollar Indian energy giant, Tata Power, announced on Friday that it has been the victim of a cyberattack. The intrusion of the threat actors impacted some of the company’s IT systems, the company announced in a brief statement.

What Happened?

Tata Power, part of the Indian conglomerate Tata Group, gave little information about the cyberattack. The company released a statement on Friday with the National Stock Exchange (NSE) of India confirming that their systems have been targeted.

“The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer-facing portals and touchpoints.”

Source

At the time of writing this article, no further information has been disclosed by Tata Power. According to The Hacker News, there are speculations that Chinese threat actors might be behind the attack, as allegedly in April, Chinese state-sponsored hackers targeted the Indian power sector in a long-term project.

According to reports, “at least seven Indian State Load Despatch Centers (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within their respective states” were the target of the network attacks. China refuted allegations about its involvement in that series of attacks, stating that “many U.S. allies or countries with which it cooperates on cybersecurity are also victims of U.S. cyberattacks.”

The Indian company, Tata Power, is one of the biggest energy retailers in Asia. The current aim of the company is to double the share of clean energy in its portfolio to 60% in five years, from about 20%, the current percentage. Tata Power has a target to become net zero by 2045.

UPDATE: Hive Ransomware Claims the Cyberattack

As of October 25th, Hive ransomware group has claimed responsibility for the cyberattack. Operators of the ransomware group posted data that they claim have stolen from Tata Power, indicating that the ransom negotiation between the electricity provider and the ransomware group failed.

Hive Ransomware Data Leakage (Source)

The data shared by Hive contained Tata Power employees’ personally identifiable information (PII), National ID card numbers, PAN numbers, salary information, and other sensitive data. The data dump also contains clients’ information, engineering drawings, as well as financial and banking records.

Hive operators claim that they encrypted the data on October 3rd. If their target refuses to pay their demanded ransom and subsequent discussions are unsuccessful, threat actors like extortion and ransomware groups often start leaking or selling the data they have breached or stolen from their targets.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE