China-sponsored hacker group targets at least a dozen Indian organizations

According to the Indian National Critical Information Infrastructure Protection Center, all 12 organizations are critical infrastructure (Source: News18)

Since the Galwan Valley clash, China has made many attempts to inject malware to cause widespread disruption in India. US-based company Recorded Future says that the computer networks of at least a dozen Indian state-run organizations, mainly power utilities and load dispatch centers, were targeted.

NTPC, India's largest power generation company, five key regional load dispatch centers, which help balance electricity supply and demand, and two ports, VO Chidambaram Port and Mumbai Port Trust, were among the 12 targeted organizations.

The activity apparently began well before the clashes between Indian and Chinese troops in May 2020, which triggered the border standoff in the Ladakh sector of the Line of Actual Control (LAC), and there was a “steep rise” from the middle of last year in the use of a particular malware linked to Chinese state-sponsored groups to target “a large swathe of India’s power sector”, the Recorded Future report says.

The report claims that the intrusions were not limited to the Indian power sector but also targeted several government and defense organizations.

The report also mentions that the alleged intrusions by Chinese hackers have links with the Ministry of State Security, China's main intelligence agency, and the People's Liberation Army (PLA).

The report further states: “In the lead-up to the May 2020 skirmishes, we observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organizations. The PlugX activity included the targeting of multiple Indian government, public sector, and defense organizations from at least May 2020.”

Recorded Future's chief operating officer Stuart Solomon said that the "Chinese state-sponsored group Red Echo has been seen to systematically utilize cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure."

Earlier, on October 13, the power grid was under cyberattack. Due to the power cut, trains shut down, and offices across Mumbai, Thane, and Navi Mumbai were shut down too. The stock market closed for nearly 2 hours.
