According to intelligence sources cited by News18, recent cyberattacks on India’s critical infrastructure, such as the national grid attacks in 2021 and the AIIMS cyberattack last year, have direct or indirect links to private entities working on behalf of China. These private players and third-party apps reportedly interact with Chinese servers, transmitting data gathered through their operations, some of which have government-level access.
Following the Galwan Valley clash and the COVID-19 pandemic, India has been facing a surge in cyberattacks from China targeting its key infrastructure. In response, India banned over 200 apps, including TikTok, PUBG, WeChat, UC Browser, and Club Factory, after observing similar data collection methods linked to Chinese interests. A senior intelligence official tracking cyberthreats confirmed that these companies have deployed numerous applications within India to harvest data.
Chinese whispers
In 2020, the Mumbai power outage was linked to a cyberattack on distribution centers involving malware, with investigations pointing to Chinese groups as the culprits. According to a report by the American cybersecurity intelligence firm Recorded Future, the malware used in these grid systems had established connections with Chinese operatives.
The cyberattack on AIIMS servers last year further highlighted the need to classify health as critical infrastructure. The attack prompted significant changes to the systems at AIIMS, and evidence suggested that it originated from groups likely based in one of India’s neighboring countries, most probably China.
India also experienced what was considered the world’s largest data breach until 2023, with the data of 815 million Indians compromised—again, linked to Chinese entities. Indian intelligence agencies have identified that numerous companies operating in Indian cyberspace are involved in collecting data, spying on users, and transferring the data to Chinese servers. These private companies often use malware or manipulate system access to extract data from Indian citizens, and the extracted information is then sent to Chinese government-backed servers.
An intelligence analysis found that a specific app contained malicious code and obtained sensitive permissions that could be exploited to surveil users through their device cameras and microphones, track their location, and monitor other network activity. “Such apps pose serious risks to the sovereignty and integrity of India and could threaten national security,” the analysis stated, adding that the intelligence inputs were immediately acted upon by the government.
Additionally, other reports indicate that data collected by these applications is being systematically stored on Chinese servers, spread across different locations due to the sheer volume of data.
What experts say
The ongoing threat from data collection practices that lead unsuspecting users to inadvertently share information with Chinese groups is a significant concern. Experts warn that hackers could leverage this data to manipulate or sabotage critical infrastructure. “When third-party companies collect data and send it to Chinese servers, it creates a serious security issue,” said Ruchin Kumar, Vice President (South Asia) at Futurex, in an interview with News18. He emphasized that Chinese laws compel businesses to cooperate with the government, potentially exposing sensitive information related to government, defense, or infrastructure.
“It’s not just about espionage. The danger is that hackers could use this data to manipulate or sabotage critical infrastructure,” Kumar added. “Imagine an attack that disrupts essential services, like power grids or healthcare systems. That’s the kind of risk we’re facing.”
Koushik Pal, a threat researcher at CloudSEK, pointed out that some private firms, which present themselves as legitimate security services, are actively involved in covert surveillance and data mining. He highlighted a troubling nexus between technology and invasive monitoring. “The recent I-SOON leak revealed that some private security firms we trust to protect our data are, in reality, functioning as covert surveillance networks, collecting sensitive information from both governments and ordinary citizens,” Pal said.
Pal also mentioned that countries institutionalizing cyberwarfare are increasingly targeting nations of strategic interest. He noted that China may be utilizing hacking competitions, like the Zhujiang Cup, as covert means of intelligence gathering, with participants probing real-world networks under the pretense of cybersecurity training.
Recent investigations by CloudSEK’s TRIAD team uncovered a sophisticated phishing infrastructure managed by Chinese state-sponsored threat actors that targets Indian citizens on a large scale. High-level malware campaigns, including Android spyware and banking trojans, are further compounding the threat, with attackers disguising these malicious tools as legitimate applications.