Cybersecurity Alert: Chinese-Sponsored Attacks Target India’s Critical Infrastructure
Cybersecurity researchers have uncovered a series of coordinated cyberattacks aimed at India’s critical infrastructure, notably its power grid. These attacks, attributed to state-sponsored Chinese hacking groups, coincide with the border tensions between India and China that escalated in May 2020.
The campaign has primarily targeted twelve organizations, ten of which belong to India’s power generation and transmission sector. A report from Recorded Future identifies those ten power-sector entities, including four of the five Regional Load Despatch Centres (RLDCs), which are responsible for balancing electricity supply and demand across the grid. Notably, the attacks also affected two Indian seaports, indicating a broader aim of disrupting essential services beyond the power sector.
Investigators from Insikt Group, Recorded Future’s research arm, have linked these intrusions to a group dubbed “RedEcho.” The malware used in this campaign shows strong overlap in infrastructure and victim targeting with that of known Chinese groups, including APT41 and the Tonto Team. The observed activity maps to MITRE ATT&CK tactics and techniques covering the initial access and persistence methods likely used in these attacks.
The timing of these breaches aligns with heightened military confrontations in Ladakh’s Galwan Valley, where deadly clashes occurred between Indian and Chinese soldiers. Reports indicate that twenty Indian servicemen lost their lives, while China had formally acknowledged only four casualties as of February 19, 2021. In parallel, the Indian government has hardened its cybersecurity stance, banning over 200 Chinese applications it deemed threats to national security.
Recorded Future’s analysis posits that the intrusions leveraged a shared infrastructure cluster named AXIOMATICASYMPTOTE, associated with the modular Windows backdoor known as ShadowPad, which is used by APT41 and other Chinese cyber actors. The report also raises the possibility of a link between these intrusions and the major power outage that crippled Mumbai in October 2020. Although early investigations traced the outage to malware found in a State Load Despatch Centre, a direct causal connection has not been established.
Compounding the complexity, a known state-sponsored group, Sidewinder, reportedly targeted Chinese military and government entities through spear-phishing campaigns. This activity illustrates how cyber operations accompany geopolitical skirmishes on both sides, and underscores the critical importance of securing infrastructure.
As the situation continues to evolve, with ongoing investigations into the Mumbai blackout examining possible cyber sabotage, the focus remains on safeguarding India’s energy infrastructure. The targeting of these key sectors demonstrates a sustained intent to compromise critical resources on which millions of citizens depend.
In light of these developments, business leaders must remain vigilant in maintaining robust cybersecurity measures, particularly as adversaries increasingly use sophisticated methods to infiltrate essential services. The reuse of infrastructure and tooling across these campaigns is a pertinent reminder that defenses must keep pace with evolving cyber threats.
Updates from India’s Computer Emergency Response Team (CERT-In) are awaited as investigations progress, underscoring the urgency of addressing these vulnerabilities in a landscape fraught with cyber risk.