Chinese backed hackers targeted India's electricity companies during India-China standoff, says US cyber security firm

By ET Bureau
Synopsis

The firm believes that computer network operations (CNO) by Chinese groups targeting strategically important organisations in India will likely continue in 2021 as China continues to exert influence over countries within the sphere of its Belt and Road Initiative (BRI) investment program.


Chinese-linked hackers targeted state and central power distribution organisations in mid-2020, during the peak of the India-China standoff in Ladakh, a US security research firm said in a report on Monday.

"10 distinct Indian power sector organisations, including 4 of the 5 Regional Load Despatch Centres (RLDC) responsible for operation of the through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified included 2 Indian seaports," said enterprise security firm Recorded Future in the study, which detailed a series of suspected targeted intrusions against India’s power sector observed from mid-2020 onwards.

The New York Times on Monday linked the massive power outage in Mumbai on October 12 last year to the cyber attack by the Chinese-linked hackers, saying "Maharashtra officials have gone quiet after initially determining that the code was most likely Chinese."

The firm’s threat research arm, Insikt Group, said that the targeting of India’s electricity system by a China-linked group called ‘RedEcho’ possibly indicates a sustained strategic intent to access India’s energy infrastructure.

On October 12 last year, Mumbai faced a massive power outage that lasted for a few hours starting from 10 am; the issue was resolved by noon. Recorded Future sent its findings to India’s Computer Emergency Response Team, or CERT-In. Receipt of the information was acknowledged twice, but CERT-In said nothing about whether it found the same code in the electric grid as well, NYT said. ET has sent a mail to CERT-In for its comments.

The RedEcho group, cited by the security firm in this case, allegedly used infrastructure shared between several Chinese threat activity groups popularly known as ‘APT41/Barium’, ‘Tonto team’, ‘the Icefog cluster’, ‘KeyBoy’, and ‘Tick’. Recorded Future’s study added that the intrusions overlap with previous Indian energy sector targeting by Chinese threat activity groups in 2020 that also used the same infrastructure.

While network access to regional load despatch centres provides minimal benefit for economic espionage objectives, Recorded Future believes the access is of strategic interest to allow for the “pre-positioning” of potential scenarios like sending a “robust signalling message” as a “show of force”, swaying public opinion during a diplomatic confrontation and supporting potential future disruptive cyber operations against critical infrastructure.

However, the study said that “at this time the alleged link between the outage and the discovery of the unspecified malware” in the system “remains unsubstantiated”, but added that “additional evidence suggested the coordinated targeting of the Indian load dispatch centers.”

The firm believes that computer network operations (CNO) by Chinese groups targeting strategically important organisations in India will likely continue in 2021 as China continues to exert influence over countries within the sphere of its Belt and Road Initiative (BRI) investment program.

"The impact of a cyber-attack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organisation and across a nation," said Christopher Ahlberg, CEO and co-founder of Recorded Future.


3 Comments on this Story

Mathew Varghese, 17 minutes ago
That is why we citizens of India were not worried, because we knew our Govt was aware of the hacking & so our Indian hackers launched a counter attack by targeting Chinese companies. So in the end good to know neither China nor India won & it was a draw result.
Sivaramakrishnan Sundaram, 20 minutes ago
Indian IT is only a service provider and is more like a work of copy and paste. Very few are actually capable of complex programming work, leave aside cryptography and security.
Shyam Sunder, 33 minutes ago
What are the famed Indian IT experts doing to counter such attacks? It is time India invests heavily in cyber warfare through small and big Indian tech companies. We need to not just counter such attacks but be able to launch our own attacks with even bigger impact.