
CHINESE HACKERS STILL ACTIVELY TARGETING INDIAN PORTS: US FIRM

Recorded Future chief Stuart Solomon says that the US firm could see a ‘handshake’—indicating an exchange of traffic—between a China-linked group and an Indian maritime port. Indian authorities deny any cyberattacks, but say that malware has been found.

A US firm said on Wednesday that Chinese hackers are still actively targeting Indian ports.

Recorded Future chief Stuart Solomon said that the US firm could see a ‘handshake’—indicating an exchange of traffic—between a China-linked group and an Indian maritime port. Calling the group RedEcho, Recorded Future said that the hackers had targeted as many as 10 entities under India’s power grid as well as two maritime ports when the company first notified the Computer Emergency Response Team on 10 February. Most of these connections were still operational as recently as 28 February, the Recorded Future chief added.

“There’s still an active connection between the attacker and the attackee,” Solomon said, referring to the port. “It’s still happening.”

The 10 entities which RedEcho infiltrated account for nearly 80% of India’s landmass from an electricity-coverage perspective, said Solomon. The intrusions could have remained unexposed and undetected until they were needed as leverage, he said. “If it was meant to take down the lights, it would have taken down the lights,” Solomon said. “It didn’t.”

Chinese Foreign Ministry spokesman Wang Wenbin said in Beijing on Wednesday that without any proof, slandering a specific side is irresponsible behaviour and an ill-intentioned one.

Federal officials in India, however, have denied any cyberattacks, while saying that malware has been found.

On the other hand, the National Critical Information Infrastructure Protection Centre emailed the central Power System Operation Corp about the threat from RedEcho on 12 February, the Power Ministry said in a statement on Tuesday. Dispatch centre employees shut down control functions that allow circuit breakers to be operated remotely. They changed user credentials and isolated vulnerable equipment.

Initial information had suggested that 14 Trojan horses (that is, malicious code) and 8 gigabytes of unaccounted foreign data could have been transferred to the main electricity board. Maharashtra Home Minister Anil Deshmukh on Wednesday said that blacklisted IP addresses had tried to log in to the board’s servers. However, he didn’t attribute the attack to any country or entity.

Some of the Trojan horses have been used to carry out similar cyberattacks around the world, Maharashtra’s energy ministry said in a statement on Wednesday.

The intrusions into India’s critical infrastructure have been occurring since at least the middle of last year, according to Recorded Future, at a time when Indian and Chinese soldiers were in a standoff along the Line of Actual Control in eastern Ladakh.

The October collapse of the power grid that supplies Mumbai had brought the financial hub to a halt for several hours, impacting stock markets, transport networks and thousands of households.

“It’s not unusual to see this type of technique used by nation states as an instrument of national power,” said Solomon. “This could be as simple as trying to drive influence operations to be able to signal either to the people or the government that at any given time they have leverage that can be used against them,” he added.

Solomon’s firm, Recorded Future, is a privately-held cybersecurity firm based near Boston that tracks malicious activity by nation state actors. However, the firm hasn’t made any connection or assertion between the traffic observed under RedEcho and the Mumbai outage.

WITH AGENCY INPUTS
