Cyber Security News

Chinese Hacker Group Targeting Indian Power Grid Assets to Steal Sensitive Information

In February 2021, Recorded Future’s Insikt Group observed and reported intrusion activity targeting operational assets belonging to India’s power grid. The activity was attributed to a Chinese state-sponsored hacker group tracked as “RedEcho”.

These hackers use the modular backdoor called “Shadowpad”. Shadowpad is associated with groups linked to China’s Ministry of State Security (MSS). In the early stages MSS-linked groups used Shadowpad for their own operations; later it was supplied to other groups, in what is described as a digital-quartermaster role.

The hacker group targeted nearly seven Indian State Load Despatch Centres (SLDCs). SLDCs are responsible for real-time grid control and the dispatch of electricity within their respective states.

One of these SLDCs is located in North India, close to the India-China border. Another had previously been targeted by RedEcho; otherwise, the victims differ from one campaign to the next.

In addition, the threat actors compromised national emergency response systems and subsidiaries of a multinational logistics company.

The attackers compromised internet-facing DVR/IP camera devices and used them as command-and-control infrastructure for Shadowpad. They also used the open-source tool FastReverseProxy (FRP). This group has been named “TAG-38” (Threat Activity Group 38).

Key Points

The specific and sustained targeting of SLDCs indicates that the state-sponsored hacking group is trying to maintain its access within India.

It is also possible that these attacks are conducted to gather information about critical infrastructure and its surrounding environment.

The gathered information can be used for future operations: the intrusions help the actors understand these complex systems, which increases their ability to gain sufficient access in the near future.

Background

Chinese cyber espionage activity against India continues to increase. Earlier reports have covered RedDelta, RedEcho, RedFoxtrot, TAG-28, and additional client-facing research. A more detailed analysis of this activity has been published by Recorded Future.


Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
