
Chinese Hackers Are Suspected To Target India


As part of a blatant cyberespionage campaign, Chinese hackers are suspected to have targeted the power sector in India in recent months, according to a report published Wednesday by threat intelligence provider Recorded Future Inc.

The hackers targeted seven “load dispatch” centres near the China-India border in Ladakh that carry out real-time grid control and electricity dispersion operations. These centres are responsible for distributing power to the areas where they are located, the report said. Another load dispatch centre had previously been hacked by a different hacking group, RedEcho, which according to Recorded Future shared “strong overlapping elements” with a hacking group that the US has linked to the Chinese government.

In its report, Recorded Future states that state-linked Chinese groups have targeted Indian power grid assets for several years, providing limited opportunities for economic espionage or traditional intelligence gathering. “We believe this is instead probably intended to enable the gathering of information around critical infrastructure and/or to reposition the country for future activity.”

According to the report, the hackers also compromised an Indian national emergency response system and a subsidiary of a multinational logistics company.

A hacking group called TAG-38 has been using ShadowPad, a type of malicious software associated with China’s People’s Liberation Army and Ministry of State Security, Recorded Future reported. The researchers did not identify the victims by name.

A senior manager at Recorded Future, Jonathan Condra, said the attackers used compromised cameras and internet of things devices to make the intrusions and that the method was unusual. The devices used to launch the intrusions were located in South Korea and Taiwan.

At press time, the Chinese ministry of foreign affairs had not responded to a request for comment. The Chinese government consistently denies being involved in malicious cyber activity. Neither Indian authorities nor the Chinese government responded to requests for comment.


The Indian power grid was once again exposed to attacks from Chinese hackers, according to a new threat intelligence report.

In addition to the power grid near the Ladakh border, hackers reportedly targeted the water system.

Moreover, Chinese hackers were also reportedly responsible for the massive power blackouts in Mumbai in 2020.

According to reports, Indian power grids have been attacked by Chinese hackers, who targeted the sensitive areas near the Ladakh border. Another study done in 2021 warns that this could be another attack by the Chinese against the Indian power grid, with malware being used to compromise the system.

 

Chinese cyberattacks against the Indian power grid may be part of an espionage operation, according to a recent report by threat intelligence firm Recorded Future. According to the report, there could have been an attempt to collect crucial data for positioning China for future offensive activities against India.

“Continuous targeting of India’s grid assets by China’s state-owned group has limited opportunities for traditional industrial espionage and intelligence gathering,” the Recorded Future report said.

“We believe this is intended to enable critical infrastructure intelligence gathering and/or pre-positioning for future operation,” it added.

 In addition to the power grid, the hackers are also alleged to have infiltrated the national emergency response system along with a subsidiary of a multinational logistics company, which the report did not name.

 Using Compromised Internet of Things Cameras and Devices

Internet of Things (IoT) security cameras and devices have long been known to be insecure, and it’s no surprise the report says that Chinese hackers have used these IoT devices and cameras as a man-in-the-middle.

The report further states that these Chinese hackers carried out attacks on India’s power grid using equipment located in South Korea and Taiwan, countries with good relations with India, which to a degree can fool researchers and avoid blame falling on China.

 Suspected links to the Chinese government 

The hacking group, known as TAG-38, used malware called ShadowPad. The software was previously affiliated with the People’s Liberation Army and the Ministry of State Security, hinting that it could be a Chinese state-sponsored hacking campaign.

Earlier in 2021, Recorded Future also found that Chinese malware was detected in India’s power grid a few months after clashes broke out in the Galwan Valley in 2020.

At the same time, Mumbai, India’s financial capital and one of the hardest-hit areas during the first wave of the COVID-19 pandemic, lost power throughout the city. This forced the city’s hospitals to turn to emergency generators to keep vital life support systems running.

China’s state-sponsored hackers have targeted India’s distribution centers near Ladakh for the past eight months, following a long-term military conflict between the two countries in the region, a typical flash point, according to a report by private intelligence agency Recorded Future on Wednesday. The government said the attack was unsuccessful.

“Over the past few months, we have observed the potential for network intrusions targeting at least seven Indian State Load Dispatch Centers (SLDCs) responsible for performing real-time grid control and power dispatch operations in each state. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh,” the group said.

Sources said the attack took place between August and March last year. The investigation found data passing to and from India’s load coordination centres and Chinese state-sponsored command and control servers spread around the world, they said.

“In addition to targeting cyber assets, we also identified a breach of the National Emergency Response System and the Indian subsidiary of a multinational logistics company by the same threat activity team,” Recorded Future said.

The group said it had notified the government of the findings before the report was released.


“But two attacks by Chinese hackers on distribution centres near Ladakh have failed … defence systems to counter such cyberattacks have already been strengthened,” Minister of Energy RK Singh said, as reported by the ANI news agency.

Chinese attackers have sought to gather information about critical infrastructure systems, according to the intelligence firm, one of the largest in the world specializing in identifying threats from state-sponsored hackers.

“With continued attacks on cargo handling centers in states and regions of India over the past 18 months, initially by RedEcho and now by TAG-38’s latest activity, this attack is targeting some Chinese countries. It could be a long-term strategic priority for the state, as are the sponsored threat actors operating in India.”

“Continued attacks on Indian cyber assets by the Chinese state-owned group limit opportunities for traditional industrial espionage and intelligence gathering. Instead, this adjustment provides intelligence on critical infrastructure systems. We believe it will be possible to collect or pre-place for future activities,” she added. According to Recorded Future, there are an increasing number of 4,444 high-profile cyber attacks around the world.

Last year, millions of people on the east coast of the United States were hit by ransomware attacks on major gas pipelines, while many in Australia were on the verge of losing power after a key power grid was hit.

In February last year, the group reported a breach of 10 different Indian energy sector organizations, including 4 of 5 Regional Load Dispatch Centers (RLDCs), 2 ports, major generators and other assets.

“Recorded Future continues to monitor Chinese government-funded corporate groups in various industries around the world… but recent collaborative efforts targeting Indian cyber assets have been contrary to our view, tensions and borders continue to widen. Conflicts between the two countries are a source of concern.”

 Since then, several talks have had limited success in relieving tensions, and both sides have strengthened the area with additional military equipment and thousands of additional soldiers.

Last month, India said its relations with China may not be normal until the troops dissolve, but Beijing wrote a note of reconciliation during a foreign ministers’ meeting in New Delhi.
