ENERGY INFRASTRUCTURE
CryptoMize Proprietary Intelligence | Classification: RESTRICTED
Threat Level: CRITICAL (Immediate action required)
Load Despatch Centers: 0
NTPC Capacity: 0 GW
Circuit Kilometers: 0 ckm
SCADA on Server 2008: 0%
CASE STUDY: Mumbai 2020 Grid Failure
October 12-13, 2020 | 13 Hours | 220 Million Affected
Cascade Failure Flow
14:55 | 400kV Kharghar breaker failure
14:55-57 | Protection relay failed to trip
14:57 | 400kV Kalwa-Kharghar line trips
14:57-15:02 | 220kV network underfrequency
15:02 | Manual load shedding 1,800MW
15:10-15:30 | Restoration begins
18:00+ | Mumbai island restored
03:00+ | Outer MMR restored (13hrs)
People Affected: 220M
Hours Duration: 13
Economic Impact: ₹2.5 Crore+ / hour
Root Cause (CRITICAL): RedEcho/ShadowPad intrusion into MSETCL load despatch infrastructure
Chinese state-sponsored | Modbus TCP C2 | 8-10 days undetected
REDECHO KILL CHAIN
ShadowPad Operation Against Indian Power Infrastructure
Initial Access | Spear-phishing | 11 entities
Execution | VBA Macro | 11 entities
Persistence | TeamViewer | 9 entities
Discovery | Network Scanning | 8 entities
Lateral Movement | RDP/VNC | 7 entities
Collection | Modbus C2 | 6 entities
Command & Control | ShadowPad | 5 entities
Impact | Grid Disruption | 3 entities
Power Grid (CRITICAL RISK)
SCADA on EOL Systems: 60%+
Load Despatch Centers: 152
Modbus TCP Exposure: CRITICAL
Oil & Gas (HIGH RISK)
ONGC Offshore Platforms: 190+
Pipeline SCADA: DNP3/Modbus
Confirmed Incidents: 5+
Nuclear (STRATEGIC RISK)
Operational Reactors: 24
Kudankulam Status: DTRACK
NCA C2 Exposure: CONFIRMED
Classification: RESTRICTED — CryptoMize Proprietary Intelligence | Segment 07 | Energy Infrastructure | March 2026