In the middle of intensifying border tensions between India and China, cybersecurity researchers have discovered a unified campaign against India’s hypercritical infrastructure, including country’s power grid, from Chinese state-sponsored groups.
The attacks, which corresponded with the deadlock between the two nations in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission division.
“Ten separate Indian power sector firms, inclusive of four out of the five Regional Load Dispatch Centre (RLDC) accountable for operation of the power grid through stabilizing electricity supply and demand, have been recognized as targets in a joint campaign against India’s critical infrastructure,” Recorded Future stated in a report published yesterday. “Other targets identified included 2 Indian seaports.”
Leader amongst the victim involve a power plant under National Thermal Power Corporation Limited (NTPC) and New Delhi-based Power System Operation Corporation Limited.
Fastening the trespass on a new group dubbed “RedEcho,” researcher from the cybersecurity firm’s Insikt Group said the malware posted by the threat actor shares strong infrastructure and victimology overlaps with additional Chinese groups APT41 (also known as Barium, Winnti, or Wicked Panda and Tonto Team).
Early summer last year, Chinese and Indian troops came to blow in a surprise border battle in faraway Galwan Valley, hitting each other to death with rocks and clubs.
Four months after and more than 1,600 kilometers away in Mumbai, trains were shut down and the stock market got closed as the power went out in a city of more than 20 million people. Hospitals had to shift to emergency generators to keep ventilators running amongst a coronavirus upsurge that was among India’s worst.
While initial probe conducted by the cyber department of the western Indian state of Maharashtra discovered the attack to malware recognized at a Padgha-based State Load Despatch Centre, the researchers said that, “the putative link in the middle of the distruption and the detection of the unidentified malware variant still remains unproven.”
“Nevertheless, this revelation provides additional proof suggesting the united targeting of Indian Load Despatch Centres,” they added.
Military authority in India have resumed calls for the government of India, Prime Minister Narendra Modi to replace the Made in China hardware for India’s power sector and its critical rail system.
“The root cause is we still haven’t been able to get rid of our reliance on foreign hardware and software,” General Hooda said.
Indian government authorities have said a review is afoot of India’s information technology contracts, inclusive of Chinese companies.