Mumbai Blackout an Example of China Targeting Indian Power Installations: Report


The study shows that Chinese malware flowed into systems that manage power supplies across India.

New Delhi:

China may have targeted power installations across India last year amid hostilities at the border, according to a new study. A massive blackout in Mumbai in October, which stopped trains and closed hospitals and the stock market for hours, may have been linked to these activities by a group of Chinese hackers, says the report that has been shared with the government.

The study shows that alongside tensions in Ladakh, which escalated in June with the clash in the Galwan Valley in which 20 Indian soldiers were killed, Chinese malware was flowing into systems that manage power supplies across India.

China-linked threat activity group RedEcho may have planted malware at key power plants in India, the study, first reported by the New York Times, said. Links to the Mumbai power outage “provide additional evidence suggesting the coordinated targeting of India’s Freight Dispatch Centers,” said the study, indicating that some of the country’s most sensitive national infrastructures are vulnerable to systematic attacks by Chinese hackers using state-of-the-art viruses to hack systems.

The malware stream was detected by Recorded Future, a US-based company that analyzes digital threats online. It found that most of the malware was never activated. And because Recorded Future was unable to enter India’s power systems, it was unable to examine the details of the code itself, which was placed in strategic power distribution systems across the country.

Since the beginning of 2020, Recorded Future’s Insikt Group has observed a large increase in suspected intrusion activity directed against Indian organizations from Chinese state-sponsored groups, according to the report.

“Since mid-2020, Recorded Future’s midpoint collection revealed a sharp increase in the use of tracked infrastructure such as AXIOMATICASYMPTOTE, encompassing ShadowPad command and control servers, to target a large swath of India’s energy sector. 10 different organizations in the Indian energy sector, including four of the five regional load dispatch centers responsible for operating the electricity grid by balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other identified targets include two Indian seaports,” according to the report.

There was a “clear and consistent pattern of Indian organizations that were the target of this campaign through the behavioral profile of network traffic to the adversary’s infrastructure,” Recorded Future said.

A total of 21 IP addresses linked to 12 Indian power generation and transmission sector organizations, classified as critical, were targeted.

The report said that media reports had previously linked the October blackout in Mumbai to malware at a Padgha-based State Cargo Dispatch Center. “At this time, the alleged link between the outage and the discovery of the unspecified malware variant remains unsubstantiated. However, this disclosure provides additional evidence suggesting the coordinated targeting of Indian Freight Dispatch Centers,” the report said.