Security researchers have revealed a joint campaign by Chinese state-sponsored groups against India’s critical infrastructure, including the power grid.
The attacks, which coincided with the standoff between the two countries in May 2020, targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector.
The targets identified include 10 distinct Indian power sector organizations, among them four of the five Regional Load Despatch Centres (RLDC), which are responsible for operating the power grid by balancing electricity supply and demand, as well as two seaports: the V.O. Chidambaranar Port and Mumbai Port Trust.
The main victims include a power plant run by National Thermal Power Corporation (NTPC) Limited and the New Delhi-based Power System Operation Corporation Limited. However, the Power Ministry confirmed that while attempts to breach systems were made, the power sector had not been impacted.
According to the Massachusetts-based cybersecurity firm Recorded Future, the intrusions were carried out by a new group dubbed “RedEcho.” The researchers stated that the malware deployed by the threat actor shares strong infrastructure and victimology overlaps with other Chinese groups, APT41 (aka Barium, Winnti, or Wicked Panda) and Tonto Team.
There have been border conflicts between India and China since last year, following deadly clashes between Indian and Chinese soldiers in Ladakh’s Galwan Valley.
Later, the Indian government banned more than 200 Chinese apps for allegedly engaging in activities that posed threats to “national security and defense of India, which ultimately impinges upon the sovereignty and integrity of India.”
The standoff between the two countries was also accompanied by increased espionage activity on both sides. The intrusions, which began in May 2020, continued throughout the year.