Cyber Incident Victim: Tata Power
Date: Oct 2022
Location: India
Summary
Tata Power experienced a cyberattack compromising portions of its IT infrastructure, prompting immediate measures to restore affected systems while confirming critical operational functions remained unaffected. The company enforced restricted access and preventive checks across employee and customer-facing portals as a precautionary response, though it did not disclose attribution or confirm ransomware involvement.
Description
On October 14, 2022, Indian energy provider Tata Power disclosed a cyberattack targeting its IT infrastructure, confirming the incident in a public statement late that Friday. The company, part of the multinational Tata Group conglomerate, reported that the attack impacted certain IT systems but emphasized that all critical operational systems remained functional. Immediate steps were taken to retrieve and restore affected components, with restricted access and preventive checks implemented across employee and customer-facing portals as a precautionary measure. Tata Power did not specify the nature of the attack or identify potential threat actors, declining to confirm whether ransomware was involved. The breach did not disrupt core power generation and distribution operations, which continued without service interruptions for customers. The company’s response focused on containment and restoration, with assurances that investigations were ongoing and further updates would follow.

Tata Power, which reported $5.3 billion in revenue for its most recent fiscal year, operates power plants in Gujarat, Mumbai, Jharkhand, and 32 other Indian locations, alongside international projects in South Africa, Indonesia, Singapore, and Bhutan. The incident occurred against a backdrop of heightened cybersecurity concerns in India’s energy sector, following April 2022 reports by Recorded Future detailing Chinese state-sponsored cyber activity targeting Indian power grid infrastructure. That activity, attributed to a group tracked as RedEcho, involved intrusions targeting at least seven State Load Despatch Centres near the disputed India-China border region of Ladakh. While Tata Power did not link its October attack to any specific group, Indian Power Minister R.K. Singh had previously acknowledged attempts by “Chinese hackers” to compromise electricity distribution centers in the same area, though he asserted robust defensive measures were in place. The company maintained its focus on system recovery and access controls without elaborating on attack vectors, data compromise, or forensic findings.
