1. Home
  2. 'Amidst border tension, Chinese hackers targeted India’s power through malware'

'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021

Amidst heightened border tension, Chinese hackers targeted India's power through malware: US firm | Law-Order

Washington, Mar 1: Amidst the tense border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system through malware, a US company has claimed in its latest study, raising suspicion whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

In its report, Recorded Future notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives, it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IPs (Internet Protocols) resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicate a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups, it said.

In its report, Recorder Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of North and South banks of the Pangong Lake.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 29,2025

DKSsiddu.jpg

New Delhi: Karnataka chief minister Siddaramaiah and deputy CM DK Shivakumar on Saturday put up a dramatic display of unity at a closely watched joint press briefing, firmly dismissing weeks of speculation about a power-sharing tussle within the Congress. With the high command nudging both leaders to sit together and settle the dust, the meeting became a political spectacle, ending with the duo declaring that there was “no confusion, no differences.”

Calling the reports of a rift “manufactured confusion,” Siddaramaiah said the talks had gone smoothly, even joking about their breakfast. “Breakfast was very good. All three of us enjoyed it,” he said. “We want to end this confusion once and for all. For local elections and for 2028, our mission is clear — Congress must return to power. There is no difference between me and DKS, not now, not before.”

He blamed the media for fuelling rumours and reiterated absolute adherence to the party leadership. “From tomorrow, let there be no confusion. What the high command says, we will follow.”

Siddaramaiah also assured that the Assembly session starting December 8 would run smoothly and vowed that Congress would take on the BJP and JD(S) “together.”

Shivakumar echoed the chief minister word for word, stressing loyalty and discipline. “People have given us a massive mandate. It is our duty to deliver,” he said. “This government was formed under Siddaramaiah’s leadership. We both have complete trust in the high command. If they tell me to wait, I will wait.”

He added that the two leaders had discussed strategy for the 2028 Assembly elections. “Whatever the CM says, I agree. We are loyal soldiers of the party. The party may be facing challenges nationally, but we will keep it strong in Karnataka.”

Shivakumar also said Siddaramaiah would soon visit his home for lunch or dinner — another symbolic gesture meant to underline their unity.

Both leaders later posted on social media describing the breakfast meeting as “productive” and focused on “Karnataka’s priorities.”

The BJP, however, rejected the show of camaraderie as “pure bunkum,” accusing Congress of trying to paper over an internal power struggle. But Siddaramaiah and Shivakumar insisted their united front would continue — and that there was “no confusion” within the state leadership.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 27,2025

siddDKS.jpg

Congress president Mallikarjun Kharge on Thursday announced that he will convene a high-level meeting in New Delhi with senior leaders — including Rahul Gandhi, Karnataka Chief Minister Siddaramaiah and Deputy Chief Minister D.K. Shivakumar — to resolve the escalating leadership turmoil in Karnataka and “put an end to the confusion.”

Kharge said the discussions would focus on the way forward for the ruling party, as rumours of a possible leadership change continue to swirl. The speculation has intensified after the Congress government crossed the halfway mark of its five-year term on November 20, reviving talk of an alleged 2023 “power-sharing agreement” between Siddaramaiah and Shivakumar.

“After reaching Delhi, I will call three or four important leaders and hold discussions. Once we talk, we will decide how to move ahead and end this confusion,” Kharge told reporters in Bengaluru, according to PTI.

When asked specifically about calling Siddaramaiah and Shivakumar to Delhi, he responded: “Certainly, we should call them. We will discuss with them and settle the issue.”

He confirmed that Rahul Gandhi, the Chief Minister, the Deputy Chief Minister and other senior members would be part of the deliberations. “After discussing with everyone, a decision will be made,” he said.

Meanwhile, Siddaramaiah held a separate strategy meeting at his Bengaluru residence with ministers and leaders seen as his close confidants, including G. Parameshwara, Satish Jarkiholi, H.C. Mahadevappa, K. Venkatesh and K.N. Rajanna.
Signalling calm, the Chief Minister told reporters, “Will go to Delhi if the high command calls.”

Shivakumar echoed a similar stance, saying he too would head to the national capital if summoned by the party leadership.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 21,2025

israel.jpg

Local authorities say the Israeli military has expanded the so-called “yellow line” truce demarcation in Gaza City and repositioned its forces deeper into the territory in violation of a ceasefire agreement that came into force on October 10, besieging dozens of Palestinian families.

Gaza’s Government Media Office announced in a statement on Thursday that Israeli forces widened the boundary by shifting the markers, and advanced roughly 300 meters (984 feet) into the neighborhoods of Ash-Shaaf, An-Nazzaz and Baghdad Street.

The move pushed further into civilian areas, trapping families who were unable to flee as tanks rolled forward, it added.

“The fate of many of these families remains unknown amidst the shelling that targeted the area,” the office said, adding that the expansion of the yellow line shows a “blatant disregard” for the ceasefire deal.

On Friday, sources said the Israeli military carried out continued air and artillery strikes inside the so-called “yellow line” east of Khan Younis in the southern Gaza Strip.

According to the reports, Israeli warplanes and tanks targeted areas within the zone. One Palestinian was reported killed and several others wounded in the strikes, the sources said.

The fresh aggression came only a day after 25 Palestinians were killed in Israeli airstrikes on Gaza City and Khan Younis on Wednesday.

The media office reported that Israel has consistently violated the truce deal since its implementation last month, with near-daily attacks by air, artillery and direct shootings.

The office said over 400 violations have been documented. These breaches have resulted in the deaths of more than 300 Palestinians and left hundreds injured.

The Government Media Office in Gaza urged the guarantors of the ceasefire — the US, Egypt, Qatar and Turkey — to take swift action to halt the ongoing violations and facilitate the delivery of food, shelter materials, medical aid, and infrastructure equipment.

The so-called “yellow line,” set out in the agreement between Israel and Hamas resistance movement, refers to a non-physical partition where the Israeli military repositioned itself when the truce deal took effect.

It has allowed Israel, which routinely fires at Palestinians who approach the line, to retain control over more than half of the Gaza Strip.

International bodies, including the UN Independent International Commission of Inquiry, the International Association of Genocide Scholars, Amnesty International, Human Rights Watch, B’Tselem, and other rights groups, have concluded that the Israeli war on Gaza amounts to genocide.

In the attacks in Gaza since October 2023, Israel has killed at least 69,546 people and injured 170,833 others, leveling large swaths of the territory and displacing almost all of the population. 

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.