‘Could Have Taken Down the Lights’: US Firm Says Chinese Hacker Connection Still Active at Indian Port

The US firm that has warned of Chinese attacks on India’s power grid systems said on Wednesday that at least one connection opened by Beijing’s state-sponsored hackers into the network system of an Indian port is still active, Bloomberg said in a report. Recorded Future said authorities are blocking attempts to penetrate India’s electrical sector.

Stuart Solomon, the firm’s chief operating officer, said they could see a ‘handshake’ – which is an indication of an exchange of traffic – between a China-linked group and an Indian maritime port. Calling the group ‘RedEcho’, the firm said it had targeted as many as 10 entities under India’s power grid as well as two maritime ports when Recorded Future first notified India’s Computer Emergency Response Team on February 10. Solomon said most of these connections were still operational as recently as February 28.

“There’s still an active connection between the attacker and the attackee. It’s still happening,” Solomon told Bloomberg, referring to the port.

Chinese Foreign Ministry spokesman Wang Wenbin said that, without any proof, slandering a specific side was “irresponsible behavior and an ill-intentioned one”.

The cyber-attack attempt assumes significance as it comes at a time when a US newspaper reported recently that the 2020 power blackout in Mumbai was due to a China-based cyber-attack. Computer networks of at least 12 Indian state-run organisations, primarily power utilities and load dispatch centres, have been targeted by Chinese state-sponsored groups since mid-2020 in an attempt to inject malware that could cause widespread disruptions, the study by Recorded Future had revealed.

According to the US-based company that monitors the use of the internet by state actors for cyber-campaigns, NTPC Limited, the country’s largest power conglomerate; five primary regional load dispatch centres that aid in the management of the national power grid by balancing electricity supply and demand; and two ports were among the organisations attacked.

The activity appears to have started well before the May 2020 clashes between Indian and Chinese troops that triggered the border standoff along the Line of Actual Control in eastern Ladakh, the report said. It further stated that there was a “steep rise” in the use of a particular software by Chinese organisations to target “a large swathe of India’s power sector” from the middle of last year.

Recorded Future has not made any connection between the traffic observed under RedEcho and the Mumbai outage. “It’s not unusual to see this type of technique used by nation states as an instrument of national power,” Solomon, however, said.

He added that this could be “as simple as trying to drive influence operations to be able to signal either to the people or the government that at any given time they have leverage that can be used against them.”

According to Solomon, the 10 entities RedEcho infiltrated account for “nearly 80% of India’s land mass from an electricity-coverage perspective” and could have remained unexposed and undetected until they were “needed as leverage”. He said if it was “meant to take down the lights, it would have taken down the lights, but it did not.”

Source: News18