'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021

Washington, Mar 1: Amid heightened border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system through malware, a US company has claimed in its latest study, raising suspicion over whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

Recorded Future said in its report that it notified the appropriate Indian government departments of the suspected intrusions prior to publication, to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

"However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives," it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IP (Internet Protocol) addresses resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicates a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

"Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups," it said.

In its report, Recorded Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in an over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of the North and South banks of the Pangong Lake.

News Network
November 19, 2024

The Karnataka Police’s Anti-Naxal Force (ANF) achieved a major breakthrough on Monday night by eliminating Vikram Gowda, one of Karnataka’s most wanted Naxal leaders for over two decades. The encounter occurred in the dense Kabbinale forest of Udupi district, marking a significant victory against Naxal insurgency in the region.

Who Was Vikram Gowda?

Hailing from Hebri in Udupi, Vikram Gowda, 44, was a prominent figure in the Naxal movement. He went underground in 2002, initially serving as a courier and fund collector before rising to lead a breakaway Naxal group. Despite having only a fourth-grade education, he was a staunch advocate for tribal rights and a key player in the movement’s survival in Karnataka.

Bounty: ₹3 lakh from Karnataka and ₹50,000 from Kerala.

Legacy: The last major Naxal leader in Karnataka after the 2021 arrest of B G Krishnamurthy.

The Encounter

Police revealed that Gowda and his team visited Kabbinale village to collect groceries on Monday night. Acting on a tip-off, ANF ambushed the group. When the Naxals opened fire, ANF responded, leading to Gowda's death.

Escapees: Three Naxals fled, including prominent members Latha (aka Mundgaru Latha) and Raju.

Significance: This was the first Naxal casualty in Karnataka in over two decades.

Home Minister G. Parameshwara confirmed the operation, stating, “Gowda was elusive for 20 years, escaping multiple encounters. His death is a critical step in dismantling Naxal operations in the region.”

The Decline of Naxal Activity in Karnataka

Karnataka's Naxal movement has been dwindling, with members seeking refuge in Kerala and Tamil Nadu. The group’s strength had reduced to just 19 members by 2018, but recent sightings indicate attempts at revival:

2023 Activity: Reports of Gowda-led movements in the Kodagu and Hassan districts reignited concerns.

Political Heat: The BJP criticised the Congress government, alleging it created a “safe haven” for Naxals.

A Glimpse into Gowda’s Past

Personal Life: Gowda’s ex-wife, Savitri (alias Rajita), was arrested in 2021. She was a senior Naxal commander involved in insurgency since 2004.

Rehabilitation Efforts: Since 2013, Karnataka’s rehabilitation policy has seen 14 Naxals surrender and reintegrate into mainstream society.

A Milestone in Karnataka’s Fight Against Insurgency

The operation signifies a decisive blow to Naxal resurgence in the Western Ghats. While the ANF continues its search for escapees, the Karnataka government reaffirmed its commitment to offering rehabilitation to those willing to surrender.

As Karnataka celebrates this triumph, the message is clear: there is no room for insurgency in the state.

News Network
November 12, 2024

The Palestinian Hamas resistance movement says its fighters have killed at least 20 Israeli soldiers in northern parts of the besieged Gaza Strip in just two days, in retaliation for the occupying regime’s genocidal war on the Palestinian territory.

In a statement on Monday evening, Hamas said that fighters of its military wing, al-Qassam Brigades, “killed at least five occupation soldiers” in northern parts of the coastal territory earlier in the day.

It added that Hamas fighters also killed 15 Israeli soldiers in the war-ravaged region on Sunday.

The resistance movement’s “qualitative operation … confirms once again the failure of the criminal Zionist entity to suppress and eradicate the Palestinian resistance, which continues to direct qualitative strikes against its terrorist soldiers,” Hamas further said on its Telegram channel.

Palestinians have increased their resistance operations in the face of intensified Israeli aggression in northern Gaza that has claimed the lives of more than 1,000 over the past weeks.

“Our valiant resistance is waging a war of attrition with the criminal enemy, inflicting daily losses on its soldiers and vehicles, and all of [Israeli prime minister Benjamin] Netanyahu’s bets and dreams of achieving any of his goals are failing,” the Gaza-based resistance movement added.

Hamas also vowed that Israel’s ongoing crimes and aggression against Gaza would be met with increased resistance and painful strikes, which will continue until the aggression against Palestinians ends and the regime fully withdraws from the blockaded territory.

As the war in Gaza enters its 14th month, the Health Ministry reports that Israeli attacks have killed at least 43,603 Palestinians and wounded 102,929 others.

News Network
November 12, 2024

Mysuru, Nov 12: Zameer Ahmad Khan, the Tourism and Waqf minister of Karnataka, who stirred a controversy by addressing the Union Minister HD Kumaraswamy as ‘Kaala Kumaraswamy’ has tendered apologies for his remarks.

Speaking to reporters in Mysuru on Tuesday, Minister Zameer stated that he will apologise if remarks have hurt JD-S workers.

“We both are very close. Then, in a total of 24 hours, we were together for 14 hours. He used to fondly address me as “kulla” (shorty) and I used to address him as “kariyanna” (blacky, kaalia),” Minister Zameer stated.

“I am not addressing him as ‘kaalia’ for the first time. I have not said something highly derogatory. It is being made as big in the backdrop of elections. With love, he used to call me a shorty and I called him a blacky. If I had caused pain to anyone by my words I apologise,” he said.

He further stated: “Kumaraswamy had said that he didn’t want the votes of the Muslim community. But now they are attempting to purchase Muslim votes. Against this backdrop, I have made the remark.”

Minister for Home G. Parameshwara stated on Tuesday, “Minister Zameer and Kumaraswamy are close friends. Their comments against each other are not significant.”

Zameer Ahmad Khan, the Tourism and Waqf minister of Karnataka stirred a controversy on Monday as he addressed the Union Minister as ‘Kaala Kumaraswamy’.

JD-S on Tuesday demanded a public apology and resignation of Minister for Waqf and Tourism Zameer Ahmad Khan over his ‘racist’ remarks.

“Remember, there is no place here for your divisive policies. You have insulted the people by making ethnic, racist and discriminatory statements. You should apologize to the people of the state and resign,” the JD (S) demanded in the post.

Union Parliamentary Affairs and Minister for Minority Affairs Kiren Rijiju reacted sternly to the racist jibe and stated, “I strongly deplore Congress Minister Zameer Ahmed calling Union Minister and former Chief Minister of Karnataka Kumaraswamy as 'Kaalia Kumaraswamy'.
