'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021

Washington, Mar 1: Amid heightened border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system through malware, a US company has claimed in its latest study, raising suspicion over whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

Recorded Future said in its report that it notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

"However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives," it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IP (Internet Protocol) addresses resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicates a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

"Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups," it said.

In its report, Recorded Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in an over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area, the north and south banks of the Pangong Lake.

News Network
November 24, 2025

Israeli forces have pushed over the Syrian frontier, erecting a checkpoint and stopping vehicles in the southwestern city of Quneitra, in yet another breach of the Arab country’s sovereignty.

The violation took place on Sunday, when the troops made their way across the border, setting up the outpost near the Ain al-Bayda junction in northern Quneitra, Syrian outlets reported.

According to the al-Ikhbariya paper, an Israeli detachment positioned itself at the junction, halting cars and conducting searches.

The Syrian Arab News Agency (SANA) reported that three Israeli military vehicles then moved further into the northern countryside, deploying between the town of Jubata al-Khashab and the villages of Ofaniya and Ain al-Bayda. The agency added that a separate Israeli unit mounted a new incursion in the central region, approaching the villages of Umm Batina and al-Ajraf.

Residents said such activities have surged in recent months, pointing to Israeli advances onto farmland, leveling of extensive forested areas, arrests, and spread of mobile checkpoints.

The Israeli regime began markedly increasing its military aggression against Syria last year.

The escalation coincided with increasingly ferocious onslaughts throughout the country by the so-called Hay'at Tahrir al-Sham (HTS) Takfiri terrorist group, which the government of President Bashar al-Assad had confined to northwestern Syria. The HTS, however, managed to overthrow the government as the Israeli attacks pummeled the country’s civilian and defensive infrastructure.

Various reports have shown that, during the escalation, the regime conducted more than 1,000 airstrikes on the Syrian territory and over 400 ground raids into the south.

Following the collapse of the Assad government, Tel Aviv also widened its grip over the occupied Golan Heights by taking control of a demilitarized buffer zone, in defiance of a 1974 Disengagement Agreement. Earlier this month, senior Israeli officials, including Prime Minister Benjamin Netanyahu, visited the buffer zone, prompting expressions of alarm on the part of the United Nations.

The United States, the regime’s biggest ally, has, meanwhile, been fraternizing with the HTS head Abu Mohammed al-Jolani amid the widely reported prospect of rapprochement with Tel Aviv.

News Network
November 29, 2025

New Delhi: Karnataka chief minister Siddaramaiah and deputy CM DK Shivakumar on Saturday put up a dramatic display of unity at a closely watched joint press briefing, firmly dismissing weeks of speculation about a power-sharing tussle within the Congress. With the high command nudging both leaders to sit together and settle the dust, the meeting became a political spectacle, ending with the duo declaring that there was “no confusion, no differences.”

Calling the reports of a rift “manufactured confusion,” Siddaramaiah said the talks had gone smoothly, even joking about their breakfast. “Breakfast was very good. All three of us enjoyed it,” he said. “We want to end this confusion once and for all. For local elections and for 2028, our mission is clear — Congress must return to power. There is no difference between me and DKS, not now, not before.”

He blamed the media for fuelling rumours and reiterated absolute adherence to the party leadership. “From tomorrow, let there be no confusion. What the high command says, we will follow.”

Siddaramaiah also assured that the Assembly session starting December 8 would run smoothly and vowed that Congress would take on the BJP and JD(S) “together.”

Shivakumar echoed the chief minister word for word, stressing loyalty and discipline. “People have given us a massive mandate. It is our duty to deliver,” he said. “This government was formed under Siddaramaiah’s leadership. We both have complete trust in the high command. If they tell me to wait, I will wait.”

He added that the two leaders had discussed strategy for the 2028 Assembly elections. “Whatever the CM says, I agree. We are loyal soldiers of the party. The party may be facing challenges nationally, but we will keep it strong in Karnataka.”

Shivakumar also said Siddaramaiah would soon visit his home for lunch or dinner — another symbolic gesture meant to underline their unity.

Both leaders later posted on social media describing the breakfast meeting as “productive” and focused on “Karnataka’s priorities.”

The BJP, however, rejected the show of camaraderie as “pure bunkum,” accusing Congress of trying to paper over an internal power struggle. But Siddaramaiah and Shivakumar insisted their united front would continue — and that there was “no confusion” within the state leadership.

News Network
November 21, 2025

An Indian Air Force (IAF) Tejas fighter jet crashed on Friday afternoon, November 21, during its aerial demonstration at the Dubai Air Show, plunging to the ground at around 2:10 pm local time while performing a manoeuvre before thousands of spectators.

The IAF confirmed the incident, stating that a Tejas aircraft participating in the show had crashed and that further details were being gathered. An Air Force spokesperson said more information would be shared after initial assessments.

The crash sent thick black smoke billowing into the sky near the airport, causing panic among visitors, including families and children who had gathered to watch the display. Authorities have not yet confirmed whether the pilot managed to eject before the aircraft went down. Emergency response teams rushed to the scene, and officials have not released information on casualties or damage so far.

The Tejas is a 4.5-generation, multi-role fighter aircraft developed indigenously by Hindustan Aeronautics Limited (HAL). Designed for versatility, it is capable of offensive air support, close combat, ground attack missions and maritime operations. The aircraft family includes single-seat fighters and twin-seat trainers for both the Air Force and Navy.

HAL describes the latest version, the LCA Mk1A, as the most advanced in the series, featuring an AESA radar, an upgraded electronic warfare suite with radar-warning and self-protection jamming, smart multifunction displays, a digital map generator, a combined interrogator–transponder system and a modern radio altimeter. These enhancements significantly improve the aircraft’s combat capability and survivability.

Further updates from IAF and UAE authorities are awaited.
