Chinese Hacker Group Targets Indian Power Sector & critical infrastructure Amid Border Tensions

Recently, a Chinese state-sponsored hacker group, RedEcho has targeted the Indian power sector and critical infrastructure amid border tensions in an effort to implant malware. As the tension between the two most populous nations, India and China at the border worsened significantly. 

But, after the series of large-scale automated network traffic analytics and analysis, the security experts were able to identify the activity.

According to the reports, the data sources comprise several security platforms, open-source tools, and techniques like Recorded Future Platform, SecurityTrails, Spur, and Farsight.

This report will lure the individuals who are involved in the strategic and operational intelligence activities associated with India and China.

Apart from this, the foreign minister of India, Subrahmanyam Jaishankar has declared on January 12, 2021, that the faith between India and China was significantly disturbed. But, here only the diplomacy and economic factors have countered a full-blown war between these two nations.

Cyber Espionage of Chinese state-sponsored Hacker Groups

The security researchers at Recorded Future’s Insikt Group have perceived targeted intrusion activities of Chinese state-sponsored hacker groups against Indian organizations since early 2020 at a large scale.

Since mid-2020, the researcher of Recorded Future’s has unveiled a huge hype in the use of infrastructure which is tracked as AXIOMATICASYMPTOTE. And it embraces ShadowPad command and C2 servers through which the threat actors target India’s power sector and critical infrastructure.

The report clearly affirms that in this incident, the threat actors have targeted 10 different Indian power sector organizations and 2 Indian seaports.

Key Judgements

The security researchers have identified a subset of these AXIOMATICASYMPTOTE servers which share common techniques, procedures, and infrastructure tactics that are already performed by the Chinese state-sponsored groups like APT41 and Tonto Team.

  • Indian critical infrastructure offers limited economic espionage possibilities.
  • By compromising the energy assets the threat actors will get several benefits like geo-strategic signaling during heightened bilateral tensions, supporting influence operations, or as a precursor to kinetic escalation.
  • The RedEcho has several strong connections and overlaps with Chinese groups APT41/Barium and Tonto Team.

But, the Insikt Group believes that all these shreds of evidence are not enough to associate or blame this campaign to an existing public group. That’s why the security experts have concluded that they are investigating the whole matter closely.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.