A cyber intelligence company says it has found that hackers linked to China have infiltrated power systems and ports in India in a “show of force” and they have the ability to create disruptions.
The company, Recorded Future, warned, “As bilateral tensions continue to rise, we expect to see a continued increase in cyber operations being conducted by China-linked groups such as RedEcho in line with national strategic interests.”
In the report made available to IANS, Recorded Future said that the intrusions “pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives”.
The incursions could also be “a precursor to kinetic escalation” — that is, preparing for possible cyberattacks on infrastructure by planting malware.
The report said that the intruders into the Indian networks used a malware called ShadowPad to set up a backdoor for them to enter the system, which was also used by other Chinese espionage teams.
The RedEcho group linked to the intrusions into India shared characteristics with Chinese groups APT41/Barium and Tonto Team, the report noted.
It said that in September the US government filed charges against five Chinese APT41 and linked it to the front company Chengdu 404 Network Technology.
The report said, “One of the accused previously claimed to be ‘very close’ to the MSS (Chinese Ministry of State Security), continuing an established trend of Chinese private contractors and front companies conducting cyber espionage activity on behalf of the MSS. Conversely, Tonto Team has been linked to the PLA (Peoples Liberation Army), specifically the Shenyang Military Region Technical Reconnaissance Bureau.”
Recorded Future linked the intrusions to the recent border tension between the two countries and identified ten Indian power generation and transmission organisations and two ports that it said were targeted.
The company said that it had “notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations”.
The report said that India was also involved in cyber espionage and that it had “observed the suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020”.
Even though India and China recently agreed to deescalate the border tensions, “cyber operations continue to provide countries with a potent asymmetric capability to conduct espionage or pre-position within networks for potentially disruptive reasons”, the report said.
Recorded Future said that the critical Indian infrastructures targeted “have limited economic espionage opportunities” and therefore “they pose significant concerns” that they were being set up for China’s strategic objectives.
The regional load despatch centres (LDC) for southern, western, eastern and northeastern regions, the state LDCs in Delhi and Telangana, the National Thermal Power Corporation’s Kudgi super thermal power station in Karnataka were targeted, according to Recorded Future.
The LDCs coordinate the distribution and transmission of power and ensure the smooth availability of electricity.
The two ports are the Mumbai Port Trust and VO Chidambaranar Port in Thoothukudi, Tamil Nadu, according to the report.
In October there was a massive power outage in Mumbai because the Padgha Load Despatch Centre in Thane District had tripped. The Recorded Future report noted that local media had linked it to malware found at the facility.