'Amidst border tension, Chinese hackers targeted India’s power through malware'

Agencies
March 1, 2021

Amidst heightened border tension, Chinese hackers targeted India's power  through malware: US firm | Law-Order

Washington, Mar 1: Amidst the tense border tension between India and China, a Chinese government-linked group of hackers targeted India's critical power grid system through malware, a US company has claimed in its latest study, raising suspicion whether last year's massive power outage in Mumbai was a result of the online intrusion.

Recorded Future, a Massachusetts-based company which studies the use of the internet by state actors, in its recent report details the campaign conducted by a China-linked threat activity group RedEcho targeting the Indian power sector.

The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis.

Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common open-source tools and techniques, the report said.

On October 12, a grid failure in Mumbai resulted in massive power outages, stopping trains on tracks, hampering those working from home amidst the COVID-19 pandemic and hitting the stuttering economic activity hard.

It took two hours for the power supply to resume for essential services, prompting Chief Minister Uddhav Thackeray to order an enquiry into the incident.

In its report, Recorded Future notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations.

There was no immediate response from the Indian government on the study by the US company.

Since early 2020, Recorded Future's Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

The New York Times, in a report, said that the discovery raises the question about whether the Mumbai outage was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

According to the Recorded Future report, from mid-2020 onwards, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India's power sector.

Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure.

Other targets identified included two Indian seaports, it said.

According to the report, the targeting of Indian critical infrastructure offers limited economic espionage opportunities.

However, we assess they pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives, it said.

Pre-positioning on energy assets may support several potential outcomes, including geostrategic signalling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation, Recorded Future said.

RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least five distinct Chinese groups, it said.

The high concentration of IPs (Internet Protocols) resolving to Indian critical infrastructure entities communicating over several months with a distinct subset of AXIOMATICASYMPTOTE servers used by RedEcho indicate a targeted campaign, with little evidence of wider targeting in Recorded Future's network telemetry, it said.

Recorded Future said that in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

The PlugX activity included the targeting of multiple Indian government, public sector and defence organisations from at least May 2020, it said.

While not unique to Chinese cyber espionage activity, PlugX has been heavily used by China-nexus groups for many years.

Throughout the remainder of 2020, we identified a heavy focus on the targeting of Indian government and private sector organisations by multiple Chinese state-sponsored threat activity groups, it said.

In its report, Recorder Future alleged that it also observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020, in activity overlapping with recent Trend Micro research.

The Massachusetts-based company's report came as the armies of the two countries began disengagement of troops locked in over eight-month-long standoff in eastern Ladakh.

Both countries reached a mutual agreement last month for the disengagement of troops from the most contentious area of North and South banks of the Pangong Lake.

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 10,2024

gazajournalists.jpg

The media office in the Gaza Strip, where the Israeli regime has been waging a genocidal war since last October, says as many as 188 Palestinian journalists have been killed since the onset of the brutal military onslaught.

The office provided the figure on Saturday, naming four journalists as the most recent victims of the onslaught.

It identified the foursome as Zahraa Mohammad Abu Sukheil, Ahmad Mohammad Abu Sukheil, Mustafa Khadr Bahar, and Abdel Rahman Khadr Bahar.

The office said it “strongly condemns the targeting, killing, and assassination of Palestinian journalists by the Israeli occupation and holds it fully responsible for committing this heinous crime.”

“We call on the international community, international organizations, and those involved in journalistic work worldwide to take action against the occupation, pursue it in international courts for its ongoing crimes, and pressure it to halt the genocide and the targeted killings of Palestinian journalists,” it said.

Earlier in the day, the office said the Israeli regime had bombed the tents sheltering journalists and displaced persons at the al-Aqsa Martyrs' Hospital in the city of Deir al-Balah in central Gaza for the ninth consecutive time.

The atrocity that claimed the lives of two people and injured 26 others came as part of “the genocidal crimes committed by the Israeli occupation army against hospitals, civilians, and displaced persons,” it said.

The media office held the regime and the United States, its biggest ally, as well as other countries aiding the genocide fully responsible for such systematic crimes.

At least 43,552 Palestinians, mostly women and children, have been killed and 102,765 others wounded since the launch of the war that followed a retaliatory operation by Gaza’s resistance groups.

The fatalities include 44 people, who were killed across the coastal sliver, in the most recent phase of the military onslaught.

As many as 24 of the victims were killed in the northern part of the territory, where the regime has markedly intensified its deadly attacks for weeks.

They included an eight-year-old child and a five-year-old one, who lost their lives after Israeli warplanes targeted a group of minors filling up jerry cans with water alongside their mother at the Jabalia Refugee camp.

Gaza’s heath ministry, meanwhile, said a number of victims remained under the rubble and in the streets following Israeli airstrikes, saying ambulances and civil defense teams could not reach them due to the sheer extent of the destruction caused by the raids and obstruction caused by the regime.

Also on Saturday, the Integrated Food Security Phase Classification (IPC) report, a United Nations-backed assessment, warned that famine was looming in northern Gaza amid escalated Israeli aggression and the regime’s near-total siege of the targeted areas.

The alert from the Famine Review Committee warned of "an imminent and substantial likelihood of famine occurring, due to the rapidly deteriorating situation in the Gaza Strip."

On October 17, the body projected that the number of people in Gaza facing "catastrophic" food insecurity between November and April 2025 would reach 345,000, or 16 percent of the population.

The IPC report classified that figure as Phase 5 -- a situation when "starvation, death, destitution, and extremely critical acute malnutrition levels are evident."

The Israeli military, however, questioned the report's credibility.

"To date, all assessments by the IPC have proven incorrect and inconsistent with the situation on the ground," the army said in a statement, denouncing "partial, biased data and superficial sources with vested interests."

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
November 22,2024

Mangaluru: A man fell victim to an online scam, losing Rs 1.7 crore after fraudsters posed as officials from TRAI. According to a complaint filed at the CEN police station, the incident began on November 11, when the complainant received a call from an unknown number at 9:49 am.

The caller, claiming to represent TRAI, alleged that another mobile number registered under the complainant's name was involved in illegal activities in Andheri (East), Mumbai. The caller further stated that an FIR was lodged against the complainant for harassment under the guise of marketing. He was instructed to contact Andheri (East) police station immediately or risk his mobile service being deactivated within two hours.

The complainant was subsequently connected to an individual named Pradeep Sawant, who claimed the complainant was implicated in a money laundering scheme linked to the Naresh Goyal fraud case. Sawant alleged that a fraudulent bank account under the complainant's name was opened at Canara Bank, Andheri, and used to purchase a SIM card for illegal activities. He warned that the complainant could face arrest.

Later, the complainant was contacted via WhatsApp video call by individuals posing as Rahul Kumar (a police officer) and Akanksha (a CBI officer). They allegedly sent fabricated CBI documents to his WhatsApp number. The fraudsters demanded money to "resolve" the case. Fearing threats, the complainant allegedly transferred Rs 1.7 crore through RTGS in batches of Rs 53 lakh, Rs 74 lakh, and Rs 44 lakh between November 13 and 19. A case has been registered at the CEN police station and an investigation is ongoing.

Comments

Add new comment

  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.