China Hackers Still Actively Targeting Indian Port: US Cyber Firm

The report comes amid news that the same hackers may have caused an outage in Mumbai’s power supply. 

The Quint

At least one connection opened by Chinese state-sponsored hackers into the network system of an Indian maritime port is still active, according to the US firm that alerted officials, reported Bloomberg.

The group, referred to as RedEcho, is alleged to be behind the penetration into the port’s networks, according to Recorded Future, a threat intelligence and security company.

The company says the group had targeted as many as 10 entities under India's power grid as well as two maritime ports when the company first notified the Computer Emergency Response Team on 10 February.

The report comes amid a recent study by the same company that suggests that the massive power outage that brought the metropolitan city of Mumbai to a grinding halt, in October 2020, may have been caused by threat actors in China.

The study suggests that India’s power facilities may have come under direct attack from China, amid the clashes between the two countries in 2020.

As of Tuesday, Recorded Future could see a 'handshake' -- indicating an exchange of traffic -- between a China-linked group and an Indian maritime port, said Stuart Solomon, the firm's chief operating officer, according to the Bloomberg report.

Most of these connections were still operational as recently as 28 February, Solomon said.

"There's still an active connection between the attacker and the attackee," Mr Solomon said, referring to the port. "It's still happening."

A spokesman for the Ministry of Electronics and Information Technology wasn't immediately available for comment.

According to Recorded Future, the intrusions into the country's critical infrastructure have been occurring since at least the middle of last year, a period that tracks back to the start of a bloody skirmish between Indian and Chinese soldiers at a border post in the Himalayas.

Recorded Future, a Boston-based cybersecurity firm that tracks malicious activity by nation-state actors, hasn't made any connection or assertion between the traffic observed under RedEcho and the Mumbai outage, according to the Bloomberg report.

While the Maharashtra government has launched an investigation into the matter, the Centre has said that there has been no evidence of China’s role in the matter so far.

However, Solomon said, "it's not unusual to see this type of technique used by nation states as an instrument of national power."

“This could be as simple as trying to drive influence operations to be able to signal either to the people or the government that at any given time they have leverage that can be used against them,” he added.

The 10 entities RedEcho infiltrated account for nearly 80% of the country's land mass from an electricity-coverage perspective, Mr Solomon said. The intrusions could have remained unexposed and undetected until they were needed as leverage, he said.

"If it was meant to take down the lights, it would have taken down the lights," Mr Solomon said. "It didn't."

(With inputs from Bloomberg)
