Port Facility

Port Facility, operating under that alias, is a maritime entity headquartered in India. As a port facility, it provides services related to the handling, storage, and movement of cargo and vessels within India’s maritime infrastructure. The organisation’s headquarters are located in India, and its operational footprint includes the Mumbai port area, where it functions as part of the region’s logistics and transport network. In October 2020, Port Facility was identified as one of the two maritime organisations targeted in a cyber‑enabled incident that precipitated a widespread power outage across Mumbai. The outage disrupted essential services such as hospitals, suburban trains, and financial markets, drawing attention to the vulnerability of critical infrastructure to cyber threats. Being singled out in this attack highlights the facility’s role within the broader maritime and energy supply chain that supports the city’s economic activity.

The incident occurred on 12 October 2020 when a coordinated cyber‑sabotage campaign disrupted the electricity grid serving Mumbai. Investigations by security firms, notably Recorded Future, attributed the activity to a China‑linked threat actor known as RedEcho, which has been associated with other Chinese advanced persistent threat groups. The attackers deployed the ShadowPad malware, leveraging infrastructure tied to the AXIOMATICASYMPTOTE framework to gain persistence and move laterally within victim networks. Recorded Future’s analysis linked the campaign to China’s strategic interests, suggesting a possible connection to geopolitical tensions and infrastructure initiatives such as the Belt and Road Initiative. Indian state authorities acknowledged the possibility of a cyber‑origin for the outage and launched investigations into the breach, while national power officials downplayed the malware’s operational impact and Chinese representatives dismissed the allegations outright. The targeting of Port Facility, alongside another maritime entity, underscored the attackers’ focus on sectors that enable both maritime trade and power distribution, illustrating how cyber operations can simultaneously affect multiple critical infrastructures.