Chinese hacked into India’s power grid just to show that they can
- Chinese cybercriminals, dubbed
RedEcho, are targeting India’s power gridwith background Trojans called ShadowPad.
- The investigation by Recorded Future identifies 10 distinct power sector organisations and two maritime ports as targets of RedEcho.
- The cybersecurity firm points out that this infiltration has little to offer in terms of economic espionage, but could be used as a ‘show of force’, a tool to sway public opinion or serve as research for bigger attacks in the future.
An investigation conducted by the firm’s Insikt Group claims to have discovered a steep rise in the attacks against many companies in India’s power sector.
“10 distinct Indian power sector organisations, including 4 or the 5 Regional Load Despatch Centres (RLDC)... have been identified as targets in a concerted campaign against India's critical infrastructure,” said the report. Chidambaranar and Mumbai ports were also identified as targets.
However, Recorded Future pointed out that infiltration of RLDCs have very little to offer in terms of meeting any economic espionage objectives. But it does have its uses.
Regardless of whether the attack itself was severe or not, the electric grid falls into the critical infrastructure category. The report believes such attacks are ideal for posturing and can deliver potential outcomes such as:
- To be a robust signaling message as a ‘show of force’
- To enable influence operations to sway public opinion during a diplomatic confrontation
- To support potential destructive cyber operations against critical infrastructure in the future
The two Asian giants were involved in their first fatal border clash in 45 years in June last year. Since then, their military forces have been locked in a face-off along multiple frictions points in Leh, especially along the southern banks of Pangong Tso Lake.
AdvertisementWho are these Chinese Hackers?
The first thing to note is that these attacks were using ShadowPad, which is one of the largest known supply-chain attacks, according to cybersecurity firm Kaspersky.
It is a covert background malware, which hides inside legit software. Once activated, it allows hackers to access the system in order to install more malicious software or steal data.
Even though the investigators spotted some overlaps with other cybercriminal groups — like APT41, known for the NetSarang incident using ShadowPad, and Tonto Team — they don’t believe that there is enough evidence to pin the blame on any known perpetrators.
In addition to APT41 and Tonto Team, ShadowPad is used by at least three other distinct Chinese groups. So, instead, this closely-related but distinct activity group has been dubbed RedEcho.
Elon Musk is facing a challenge from Asia’s richest man Mukesh Ambani in India— both in energy and transportation
Indians are heading back to parks, supermarkets and pharmacies — but malls and theatres are not on the priority list
- China's Long March rocket debris falls in Indian Ocean close to Maldives, ending days of uncertainty
- India crosses 4,000 mark of COVID deaths in a single day, total 2,42,362 fatalities reported so far
- Debris from China's disintegrating rocket enters Earth's atmosphere
- UP's Chief Minister Yogi Adityanath announces free funerals for deceased Covid patients
- You no longer need a Covid+ve report to get admitted to a hospital: Union Health Ministry