'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021

Washington, Mar 1: Amid heightened border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system with malware, a US company has claimed in its latest study, raising suspicion over whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

Recorded Future said in its report that it had notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

"However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives," it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IP (Internet Protocol) addresses resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicates a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

"Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups," it said.

In its report, Recorded Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in an over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of North and South banks of the Pangong Lake.

News Network
January 19, 2026

Donald Trump has linked his repeated threats to seize Greenland to his failure to win the Nobel Peace Prize, in a letter to Norwegian Prime Minister Jonas Gahr Støre.

The authenticity of the letter, in which Trump says he no longer feels obligated to “think purely of peace,” was confirmed by Støre to the Norwegian newspaper VG.

“Considering your country decided not to give me the Nobel Peace Prize for having stopped eight wars plus, I no longer feel an obligation to think purely of peace,” Trump wrote, adding he can now “think about what is good and proper for the United States.”

Støre said Trump’s letter was in response to a short message he had sent earlier, on behalf of himself and Finland’s President Alexander Stubb.

Trump has escalated rhetoric toward Greenland, a self-governing Danish territory, insisting the US will take control “one way or the other.” Over the weekend, he tweeted: “Now it is time, and it will be done!!!”

On Saturday, Trump threatened a 10% tariff on imports from Denmark, Norway, Sweden, France, Germany, the UK, the Netherlands, and Finland from 1 February until the US is allowed to purchase the island. EU diplomats met for emergency talks on possible retaliatory tariffs and sanctions.

In his letter, Trump argued Denmark “cannot protect” Greenland from Russia or China, questioning Danish ownership: “There are no written documents; it’s only that a boat landed there hundreds of years ago.” He added that NATO should support the US, claiming the world is “not secure unless we have complete and total control of Greenland.”

Trump’s stance has unsettled the EU and NATO, as he refused to rule out military action to take control of the mineral-rich island.

The Nobel Peace Prize is awarded by the independent Norwegian Nobel Committee, not the government. Trump had campaigned for last year’s prize, which went to Venezuelan opposition leader María Corina Machado, who dedicated her award to him.

Støre reiterated that the Nobel Prize decision rests solely with the committee.

News Network
January 23, 2026

Prime Minister Narendra Modi, during his visit to Thiruvananthapuram on Friday, January 23, indicated that the Bharatiya Janata Party (BJP) is aiming to expand its political footprint in Kerala ahead of the Assembly elections scheduled in the coming months.

Speaking at a BJP-organised public meeting, Modi drew parallels between the party’s early electoral gains in Gujarat and its recent victory in the Thiruvananthapuram Municipal Corporation. The civic body win, which ended decades of Left control, was cited by the Prime Minister as a possible starting point for the party’s broader ambitions in the state.

Recalling BJP’s political trajectory in Gujarat, Modi said the party was largely insignificant before 1987 and received little media attention. He pointed out that the BJP’s first major breakthrough came with its victory in the Ahmedabad Municipal Corporation that year.

“Just as our journey in Gujarat began with one city, Kerala’s journey has also started with a single city,” Modi said, suggesting that the party’s municipal-level success could translate into wider electoral acceptance.

The Prime Minister alleged that successive governments led by the Left Democratic Front (LDF) and the United Democratic Front (UDF) had failed to adequately develop Thiruvananthapuram. He accused both fronts of corruption and neglect, claiming that basic infrastructure and facilities were denied to the capital city for decades.

According to Modi, the BJP’s control of the civic body represents a shift driven by public dissatisfaction with the existing political alternatives. He asserted that the BJP administration in Thiruvananthapuram had begun working towards development, though no specific details or timelines were outlined.

Addressing the gathering at Putharikandam Maidan, Modi said the BJP intended to project Thiruvananthapuram as a “model city,” reiterating his party’s commitment to governance-led change.

The Prime Minister’s visit to Kerala also included the inauguration of several development projects and the flagging off of new train services, as the BJP intensifies its political outreach in the poll-bound state.

News Network
January 20, 2026

Iranian security and intelligence forces have captured more than 470 individuals in three provinces, identified as key figures behind the recent wave of violent unrest and terrorist activities linked to foreign-backed networks.

The Intelligence Ministry's provincial office in Khorasan Razavi announced on Monday the arrest of 192 armed terrorists, identified as the main agents behind recent riots in the region. 

According to an official statement, the detainees were involved in the killing of several security personnel and civilians, setting fire to mosques, public service facilities, and buses, as well as attacks on military and law enforcement centers.

The seized items from the group include several bulletproof vests, Kalashnikov rifles, hunting weapons, Winchester rifles, and various cold weapons such as daggers, swords, brass knuckles, tactical knives, crossbows, and chains.

Evidence indicates that some of the individuals were tied to hostile movements and terrorist organizations, with links overseas. Others were identified as members of violent criminal gangs, actively taking part in the unrest alongside their associates.

Simultaneously, in the western province of Lorestan, the IRGC announced the arrest of 134 individuals as the main leaders and influential field agents of a US-Israeli terrorist network.

The IRGC statement said that these individuals formed terrorist cells during the recent unrest, committing "Daesh-like" acts.

They wounded security forces with firearms and cold weapons, and burned and destroyed public and private properties, including mosques, shops, banks, and private and public vehicles.

In the northwestern province of Zanjan, the police reported detaining 150 people identified as principal leaders and agents behind recent riots.

Authorities noted that these individuals were responsible for destroying public and private property and intentionally setting fire to vehicles in the province's squares.

Their crimes include shedding the blood of innocent people, destroying public and private property, attempting to enter military sites, disrupting public order, and spreading terror among citizens.

A variety of cold weapons were reportedly seized from the detainees.

What began late last month as peaceful protests over economic hardship across Iran turned violent after public statements by US and Israeli regime figures encouraged vandalism and disorder.

During the unrest, foreign-backed mercenaries rampaged through cities, killing security forces and civilians and damaging public property.
