“10 distinct Indian power sector organisations, including 4 of the 5 Regional Load Despatch Centres (RLDC) responsible for operation of the
through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified included 2 Indian seaports,” said enterprise security firm Recorded Future in the study, which detailed a series of suspected targeted intrusions against India’s power sector that were observed beginning in mid-2020.
The New York Times on Monday linked the massive power outage in Mumbai on October 12 last year to the cyber attack by the China-linked hackers, saying “Maharashtra officials have gone quiet after initially determining that the code was most likely Chinese.”
The firm’s threat research arm, Insikt Group, said that the targeting of India’s electricity system by a China-linked group called ‘RedEcho’ possibly indicates a sustained strategic intent to access India’s energy infrastructure.
On October 12 last year, Mumbai faced a massive power outage that started at 10 am and lasted a few hours; the issue was resolved by noon. Recorded Future sent its findings to India’s Computer Emergency Response Team, or CERT-In. Receipt of the information was acknowledged twice, but CERT-In said nothing about whether it had found the same code in the electric grid as well, NYT said. ET has sent a mail to CERT-In for its comments.
The RedEcho group cited by the security firm in this case allegedly used infrastructure shared between several Chinese threat activity groups popularly known as ‘APT41/Barium’, ‘Tonto team’, ‘the Icefog cluster’, ‘KeyBoy’, and ‘Tick’. Recorded Future’s study added that the intrusions overlap with previous Indian energy sector targeting by Chinese threat activity groups in 2020 that also used the same infrastructure.
“While the network access to regional load despatch centres provide minimal benefit for economic espionage objectives”, Recorded Future believes the access is of strategic interest to allow for the “pre-positioning” of potential scenarios like sending a “robust signalling message as a ‘show of force’, swaying public opinion during a diplomatic confrontation and to support potential future disruptive cyber operations against critical infrastructure.”
However, the study said that “at this time the alleged link between the outage and the discovery of the unspecified malware” in the system “remains unsubstantiated.” It added that “additional evidence suggested the coordinated targeting of the Indian load dispatch centers.”
The firm believes that computer network operations (CNO) targeting strategically important organisations in India from Chinese groups will likely continue in 2021 as the nation continues to exert influence over countries that are within the sphere of its Belt and Road Initiative (BRI) investment program.
“The impact of a cyber-attack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organisation and across a nation,” Christopher Ahlberg, CEO and Co-Founder, Recorded Future said.