'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021


Washington, Mar 1: Amidst heightened border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system through malware, a US company has claimed in its latest study, raising suspicion over whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

Recorded Future said in its report that it had notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

"However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives," it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IPs (Internet Protocol addresses) resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicates a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

"Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups," it said.

In its report, Recorded Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in an over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of North and South banks of the Pangong Lake.

News Network
November 26, 2025

Mangaluru, Nov 26: Mangaluru East police have registered a case following a sophisticated online fraud where a 57-year-old local resident was allegedly cheated out of ₹13.4 lakh after being targeted on Facebook.

The scam began in February when the complainant, while browsing Facebook reels, was contacted by a woman identifying herself as "Lillian Mary George" from London. After establishing a chat relationship, the woman claimed she would visit India in November and bring a significant sum of money.

The trap was sprung on November 15, when the victim received a call from a woman named "Sonali Gupta," who claimed Lillian had arrived at Mumbai International Airport but was detained by customs. The fraudsters convinced the man that Lillian was carrying £25,000 (about ₹26 lakh) in traveller’s cheques and 1 kg of gold (valued at around ₹30 lakh).

Under the pretense of clearing these items, the victim was asked to make numerous online transfers between November 15 and 18 for various bogus charges, including:

•    "Pounds exchange registration"
•    "Customs declaration issues"
•    "Discount charges"
•    "Money-laundering charges"

Believing the fictitious story, the complainant transferred a cumulative sum of ₹13.4 lakh to various bank accounts provided by the fraudsters. He realised he had been cheated when the culprits, who had promised a refund within two days, stopped answering his calls. The Mangaluru East police are now investigating the case, which highlights the continuing threat of transnational cyber fraud using social engineering and promises of fictitious wealth.

News Network
November 21, 2025

Bantwal: A domestic dispute appears to have led to a violent confrontation in BC Road area, where the owner of a textile shop was allegedly attacked with a knife by his wife on Wednesday evening.

Krishna Kumar Somayaji, the owner of Somayaji Textiles, sustained serious injuries in the incident and was immediately taken to a hospital for treatment. He is currently receiving care in the intensive care unit and is reported to have survived the assault, according to police.

The Bantwal Town police have registered a case against Somayaji's wife, Jyothi KT, who has since been taken into custody.

Police stated that the complainant, Namita, an employee at the shop, reported the sequence of events. She stated that around 7 p.m. on Wednesday, the suspect entered the shop, wearing a burqa and disguised as a customer, before attacking Somayaji with a knife. The employee then transported the injured owner to a local hospital via an autorickshaw.

Superintendent of Police Arun K confirmed that an ongoing domestic dispute between Somayaji and his wife reportedly preceded the attack. Police noted that Jyothi KT had previously visited the shop and issued threats.

Based on the complaint, Bantwal Town police have registered a case under relevant sections of the Bharatiya Nyaya Sanhita (BNS) and the Indian Arms Act-1959. An investigation into the incident is currently underway.

News Network
November 22, 2025


The Israeli regime’s forces have killed two Palestinian children in the Gaza Strip every day since the ceasefire began in early October, UNICEF has warned.

The UN children’s agency said on Friday that Israeli forces continue to attack Palestinians in Gaza even though the agreement was meant to stop the killing.

“Since 11 October, while the ceasefire has been in effect, at least 67 children have been killed in conflict-related incidents in the Gaza Strip. Dozens more have been injured. That is an average of almost two children killed every day since the ceasefire took effect,” UNICEF spokesperson Ricardo Pires said in Geneva, reminding that each number in the statistics represents a child whose life had ended violently.

“These are not statistics,” he said. “Each child had a story, a family, and a future that was stolen from them.”

Data from Palestinian factions, human rights groups, and government bodies recorded since the US-brokered ceasefire deal went into effect on October 10 show that Israeli forces have carried out numerous attacks, each constituting a separate ceasefire violation.

UNICEF teams say they repeatedly continue to witness heart-wrenching scenes of fearful Palestinian children sleeping outdoors with amputated limbs, while others live as orphans in flooded, makeshift shelters.

“I saw this myself in August. There is no safe place for them. The world cannot normalize their suffering,” Pires said, lamenting that the UN could “do a lot more if the aid that is really needed was entering faster.”

The UNICEF spokesperson warned that with the advent of winter, the risks for hundreds of thousands of displaced children will increase.

He warned, “The stakes are incredibly high” for children as winter acts as a threat multiplier, where children have no heating, no insulation, and few blankets. He said respiratory infections rise.

“Too many children have already paid the highest price,” Pires said. “Too many are still paying it, even under a ceasefire. The world promised them it would stop and that we would protect them.”

“Now we must act like it,” the UNICEF spokesperson added.

Since the Israeli regime launched its genocidal war against Palestinians in Gaza in October 2023, it has killed nearly 70,000 people in the territory, most of them women and children, and injured over 170,000 more, while reducing most of the structures in the enclave to rubble.
