Eelectrical poles of power grid at Nunna village near Vijayawada in IndiaBCCL
Chinese cybercriminals, dubbed RedEcho, are targeting India’s power grid with background Trojans called ShadowPad.
The investigation by Recorded Future identifies 10 distinct power sector organisations and two maritime ports as targets of RedEcho.
The cybersecurity firm points out that this infiltration has little to offer in terms of economic espionage, but could be used as a ‘show of force’, a tool to sway public opinion or serve as research for bigger attacks in the future.
Advertisement
Chinese cybercriminals are targeting the Indian power sector, according to a report by US-based cybersecurity company Recorded Future. The two Asian giants may be disengaging on the ground but relations do not seem to have thawed in the realm of cybersecurity.
An investigation conducted by the firm’s Insikt Group claims to have discovered a steep rise in the attacks against many companies in India’s power sector.
“10 distinct Indian power sector organisations, including 4 or the 5 Regional Load Despatch Centres (RLDC)... have been identified as targets in a concerted campaign against India's critical infrastructure,” said the report. Chidambaranar and Mumbai ports were also identified as targets.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
Suspected Indian power sector victims of RedEcho targeted intrusionsRecorded Future, Google Maps
However, Recorded Future pointed out that infiltration of RLDCs have very little to offer in terms of meeting any economic espionage objectives. But it does have its uses.
Advertisement
Regardless of whether the attack itself was severe or not, the electric grid falls into the critical infrastructure category. The report believes such attacks are ideal for posturing and can deliver potential outcomes such as:
To be a robust signaling message as a ‘show of force’
To enable influence operations to sway public opinion during a diplomatic confrontation
To support potential destructive cyber operations against critical infrastructure in the future
These points are key because the discovery of the attack comes at a time when Indo-Sino relations are tense and disengagement attempts on-going along the Line of Actual Control (LAC).
The two Asian giants were involved in their first fatal border clash in 45 years in June last year. Since then, their military forces have been locked in a face-off along multiple frictions points in Leh, especially along the southern banks of Pangong Tso Lake.
Who are these Chinese Hackers? The first thing to note is that these attacks were using ShadowPad, which is one of the largest known supply-chain attacks, according to cybersecurity firm Kaspersky.
Advertisement
It is a covert background malware, which hides inside legit software. Once activated, it allows hackers to access the system in order to install more malicious software or steal data.
High-level RedEcho Terrorist Tactics, Techniques, and Procedures (TTPs) and Recorded Future data sourcing graphic Recorded Future
Even though the investigators spotted some overlaps with other cybercriminal groups — like APT41, known for the NetSarang incident using ShadowPad, and Tonto Team — they don’t believe that there is enough evidence to pin the blame on any known perpetrators.
In addition to APT41 and Tonto Team, ShadowPad is used by at least three other distinct Chinese groups. So, instead, this closely-related but distinct activity group has been dubbed RedEcho.
NewsletterSIMPLY PUT - where we join the dots to inform and inspire you. Sign up for a weekly brief collating many news items into one untangled thought delivered straight to your mailbox.
The CEO of far-right social media site Gab said it was under attack from 'demon hackers.' The hacker threatened to leak passwords and private messages from 15,000 users.
Biden supports the historic Amazon worker union vote in Alabama, and demands 'no anti-union propaganda'
Next Story
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
Axis Bank posts net profit of ₹7,129 cr in March quarter
7 Best tourist places to visit in Rishikesh in 2024
From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
7 Things to do on your next trip to Rishikesh
