Udayavni Special

Amidst heightened border tension, Chinese hackers targeted India’s power through malware: US firm


PTI, Mar 1, 2021, 1:31 PM IST

Washington:  Amidst the tense border tension between India and China, a Chinese government-linked group of hackers targeted India’s critical power grid system through malware, a US company has claimed in its latest study, raising suspicion whether last year”s massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

In its report, Recorded Future notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India’s power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

“However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives,” it said.

“Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation,” Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

“The high concentration of IPs (Internet Protocols) resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicate a targeted campaign, with little evidence of wider targeting in Recorded Future’s network telemetry,” it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

“The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020,” it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

“Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups,” it said.

In its report, Recorder Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company’s report came as the armies of the two countries began disengagement of troops locked in over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of North and South banks of the Pangong Lake.

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Oxygen will last 2 hours; 25 Covid-19 patients have died in last 24 hrs at Delhi’s Sir Ganga Ram Hospital

Covid-19: Canada bans flights from India and Pakistan for 30 days

Govt issues revised clinical guidance for management of COVID-19 patients

Demand for medical oxygen increases in twin districts

13 COVID-19 patients die in Maha hospital fire

Shocking animal cruelty in M’luru: Dog tied to bike with rope, dragged

Kerala govt calls for all party meet to discuss COVID surge




Related Articles More

Covid-19: Canada bans flights from India and Pakistan for 30 days

4 killed in blast at Pakistan hotel hosting Chinese Ambassador: official

Vanita Gupta becomes first Indian-American to be US’ associate attorney general

Australia ends China deals on national interest grounds

In annual address, Putin warns Russia’s foes will be sorry

MUST WATCH

Shocking animal cruelty in M’luru: Dog tied to bike with rope, dragged

H D Kumaraswamy slams Karnataka govt

News Bulletin 22 -4- 2021

Udayavani Phone-in program related to the development of Markets in Mangaluru

COVID-19 LOCKDOWN RECAP IN 3 MINS

Latest Additions

Karnataka to purchase 1 crore doses of Covishield vaccine for Rs 400 crore

Additional allocation of 25,000 Remdesivir vials for Karnataka, says Sadananda Gowda

Kundapura: Rush to register wedding guest list, receive passes

Oxygen will last 2 hours; 25 Covid-19 patients have died in last 24 hrs at Delhi’s Sir Ganga Ram Hospital

Covid-19: Canada bans flights from India and Pakistan for 30 days

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.