'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021


Washington, Mar 1: Amidst border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system through malware, a US company has claimed in its latest study, raising suspicion over whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

Recorded Future said in its report that it had notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

"However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives," it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IP (Internet Protocol) addresses resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicates a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

"Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups," it said.

In its report, Recorded Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in an over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of North and South banks of the Pangong Lake.

News Network
April 16,2024


New Delhi: Twenty-nine Maoists, including a senior rebel leader - Shankar Rao, who had a bounty of ₹ 25 lakh on his head - were killed by security forces during an encounter in Chhattisgarh's Kanker district on Tuesday afternoon. A huge quantity of weapons, including AK-47 and INSAS rifles, was recovered.

Three security personnel were injured in the gunfight, which took place in forests near the village of Binagunda after a joint team of District Reserve Guard and Border Security Force were attacked.

Two of the three injured are from the BSF. Their condition is stable but the third - from the DRG - is in critical care. All three received treatment at a local hospital and are to be shifted to a larger facility.

Sources said the fighting began at around 2 PM, when a joint DRG-BSF team was conducting an anti-Maoist operation. The DRG was set up in 2008 to combat Maoist activities in the state, and the Border Security Force has been deployed extensively in the area for counter-insurgency ops.

There was another encounter in the district last month, in which two people - a Maoist and a cop - were killed, and security forces recovered a gun, some explosives, and other incriminating materials.

Personnel from the DRG and Bastar Fighters, both units of the state police force, with the Border Security Force, were involved in that operation, officials told news agency PTI. The patrolling team was cordoning off a forested area when it was fired on indiscriminately, leading to the gun battle.

In November last year, while the state was voting in the first phase of an Assembly election, a gunfight broke out between security forces and Maoist rebels in the same district.

An AK-47 rifle was recovered from the encounter site.

On the same day, while polling was taking place, Maoists fired at DRG personnel deployed near a polling station in Banda in Dantewada district.

News Network
April 12,2024


New Delhi, Apr 12: India on Friday asked its citizens not to travel to Iran or Israel amid escalating tensions between the two countries following a strike on the Iranian consulate in Syria 11 days ago.

Iran blamed Israel for the strike and there have been fears that Tehran may launch an attack on Israel soon.

In an advisory, the Ministry of External Affairs (MEA) also urged Indians residing in Iran and Israel to exercise utmost precautions about their safety and restrict their movements to the minimum.

“In view of the prevailing situation in the region, all Indians are advised not to travel to Iran or Israel till further notice,” it said.

“All those who are currently residing in Iran or Israel are requested to get in touch with Indian Embassies there and register themselves,” the MEA said.

“They are also requested to observe utmost precautions about their safety and restrict their movements to the minimum,” it added. 

News Network
April 25,2024

Bengaluru, Apr 25: Former union minister C M Ibrahim, who was expelled from Janata Dal (Secular) for protesting against the party’s alliance with BJP, has stressed the need for a third front not just at the national level, but also in Karnataka.

Addressing a news conference in Bengaluru on Wednesday, he said he’s planning to form a third front in Karnataka along with Lingayat Seer Dingaleshwar Swami.

Ibrahim said that he will tour the state between April 27 and May 4 and that he would meet Dingaleshwar Swami on April 29. “There is a need for the third front in this country. We will try to establish a third front in association with the seer and we hope we will be successful in those efforts,” he said.

Expressing disappointment with the Congress for not doing enough to gain the full confidence of Muslims, Ibrahim said that Congress is concentrating only on certain communities for votes, and ignoring Muslims. 

“The Congress is not even caring for Muslims and Dalit votes. In some Muslim areas they did not even hold campaigns seeking votes and trying to convince the communities which never vote in their favour. I fear this may lead to low turnout and Congress may lose its vote base,” he opined.

Referring to the guarantees on which Congress is strongly relying during this election, Ibrahim said such things won’t work all the time. “Guarantees will not work anymore. Every election you need to give something new to the voters,” he added.

On Prime Minister Narendra Modi’s statement that Congress is trying to appease minorities for votes, Ibrahim requested both the Congress and the BJP not to bring Muslims between them. “I request both parties. Leave us alone. Don’t make us sandwiches for your political sake. We are living with peace and hope even the Prime Minister will understand this,” Ibrahim added.

Launching a broadside against Prime Minister Deve Gowda, Ibrahim said, “Deve Gowda has sold his personality itself. Whatever I have told about JD(S) has come true. I pity, a former Prime Minister should not have come to this stage,” he said. 
