Chinese hackers infiltrated India's Power sector, warns Cyber Intel Firm

A cyber intelligence company says it has found that hackers linked to China have infiltrated power systems and ports in India.

NEW YORK: A cyber intelligence company says it has found that hackers linked to China have infiltrated power systems and ports in India in a "show of force" and they have the ability to create disruptions.

The company, 'Recorded Future', warned, "As bilateral tensions continue to rise, we expect to see a continued increase in cyber operations being conducted by China-linked groups such as 'RedEcho' in line with national strategic interests."

In the report, 'Recorded Future' said that the intrusions "pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives".

The incursions could also be "a precursor to kinetic escalation" — that is, preparing for possible cyberattacks on infrastructure by planting malware.

The report further said that the intruders into the Indian networks used malware called 'ShadowPad', which was also used by other Chinese espionage teams, to set up a backdoor for them to enter the system.

The 'RedEcho' group linked to the intrusions into India shared characteristics with Chinese groups APT41/Barium and Tonto Team, noted the report.

It also said that in September, the US government filed charges against five Chinese APT41 members and linked the group to the front company Chengdu 404 Network Technology.

The report said, "One of the accused previously claimed to be 'very close' to the MSS (Chinese Ministry of State Security), continuing an established trend of Chinese private contractors and front companies conducting cyber espionage activity on behalf of the MSS. Conversely, Tonto Team has been linked to the PLA (People's Liberation Army), specifically the Shenyang Military Region Technical Reconnaissance Bureau."

'Recorded Future' linked the intrusions to the recent border tension between the two countries and identified ten Indian power generation and transmission organisations and two ports that it said were targeted.

The company said that it had "notified the appropriate Indian government departments prior to publication of the suspected intrusions to support incident response and remediation investigations within the impacted organisations".

The report also said that India was involved in cyber espionage and that it had "observed the suspected Indian State-sponsored group Sidewinder target Chinese military and government entities in 2020".

Even though India and China recently agreed to deescalate the border tensions, "cyber operations continue to provide countries with a potent asymmetric capability to conduct espionage or pre-position within networks for potentially disruptive reasons", said the report.

'Recorded Future' said that the critical Indian infrastructures targeted "have limited economic espionage opportunities" and therefore "they pose significant concerns" that they were being set up for China's strategic objectives.

The regional load despatch centres (LDCs) for the southern, western, eastern and north-eastern regions, the State LDCs in Delhi and Telangana, and the National Thermal Power Corporation's Kudgi super thermal power station in Karnataka were targeted, according to Recorded Future.

The LDCs coordinate the distribution and transmission of power and ensure the smooth availability of electricity.

The two ports are the Mumbai Port Trust and VO Chidambaranar Port in Thoothukudi, Tamil Nadu, according to the report.

In October there was a massive power outage in Mumbai because the Padgha Load Despatch Centre in Thane District had tripped. The 'Recorded Future' report noted that local media had linked it to malware found at the facility. (IANS)

Sentinel Assam
www.sentinelassam.com