Electrical poles of the power grid at Nunna village near Vijayawada in India (BCCL)
Chinese cybercriminals, dubbed RedEcho, are targeting India’s power grid with background Trojans called ShadowPad.
The investigation by Recorded Future identifies 10 distinct power sector organisations and two maritime ports as targets of RedEcho.
The cybersecurity firm points out that this infiltration has little to offer in terms of economic espionage, but could be used as a ‘show of force’, a tool to sway public opinion or serve as research for bigger attacks in the future.
Chinese cybercriminals are targeting the Indian power sector, according to a report by US-based cybersecurity company Recorded Future. The two Asian giants may be disengaging on the ground but relations do not seem to have thawed in the realm of cybersecurity.
An investigation conducted by the firm’s Insikt Group claims to have discovered a steep rise in the attacks against many companies in India’s power sector.
“10 distinct Indian power sector organisations, including 4 of the 5 Regional Load Despatch Centres (RLDC)... have been identified as targets in a concerted campaign against India's critical infrastructure,” said the report. Chidambaranar and Mumbai ports were also identified as targets.
Suspected Indian power sector victims of RedEcho targeted intrusions (Recorded Future, Google Maps)
However, Recorded Future pointed out that infiltration of RLDCs has very little to offer in terms of meeting any economic espionage objectives. But it does have its uses.
Regardless of whether the attack itself was severe or not, the electric grid falls into the critical infrastructure category. The report believes such attacks are ideal for posturing and can deliver potential outcomes such as:
To be a robust signaling message as a ‘show of force’
To enable influence operations to sway public opinion during a diplomatic confrontation
To support potential destructive cyber operations against critical infrastructure in the future
These points are key because the discovery of the attack comes at a time when Indo-Sino relations are tense and disengagement attempts are ongoing along the Line of Actual Control (LAC).
The two Asian giants were involved in their first fatal border clash in 45 years in June last year. Since then, their military forces have been locked in a face-off along multiple friction points in Leh, especially along the southern banks of Pangong Tso Lake.
Who are these Chinese Hackers?
The first thing to note is that these attacks were using ShadowPad, which is one of the largest known supply-chain attacks, according to cybersecurity firm Kaspersky.
It is a covert background malware, which hides inside legit software. Once activated, it allows hackers to access the system in order to install more malicious software or steal data.
High-level RedEcho Tactics, Techniques, and Procedures (TTPs) and Recorded Future data sourcing graphic (Recorded Future)
Even though the investigators spotted some overlaps with other cybercriminal groups — like APT41, known for the NetSarang incident using ShadowPad, and Tonto Team — they don’t believe that there is enough evidence to pin the blame on any known perpetrators.
In addition to APT41 and Tonto Team, ShadowPad is used by at least three other distinct Chinese groups. So, instead, this closely-related but distinct activity group has been dubbed RedEcho.