
Chinese hackers target India's power grid, vaccine companies: 10 things to know

Last Updated 02 March 2021, 10:21 IST

Amid the border tension between India and China, a Chinese government-linked group of hackers targeted India’s critical power grid system with malware, a US company said in its latest study.

Additionally, a Chinese state-backed hacking group targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country's Covid-19 vaccination campaign, cyber intelligence firm Cyfirma said.

Here's what you need to know about these attempts:

1. Recorded Future, a Massachusetts-based company that studies the use of the internet by state actors, details in its recent report the campaign conducted by the China-linked threat activity group RedEcho targeting the Indian power sector.

2. Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organisations from the Chinese state-sponsored group.

3. Ten distinct Indian power sector organisations, including four of the five Regional Load Despatch Centres responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure.

4. Recorded Future said in the lead-up to the May 2020 border skirmishes, it observed a noticeable increase in the provisioning of PlugX malware C2 infrastructure, much of which was subsequently used in intrusion activity targeting Indian organisations.

5. According to the Recorded Future report, from mid-2020 onwards, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India’s power sector.

6. Goldman Sachs-backed Cyfirma, based in Singapore and Tokyo, said Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world's largest vaccine maker.

7. Microsoft said in November that it had detected cyber attacks from Russia and North Korea targeting Covid-19 vaccine companies in India, Canada, France, South Korea and the United States.

8. "The real motivation here is actually exfiltrating intellectual property and getting competitive advantage over Indian pharmaceutical companies," said Cyfirma Chief Executive Kumar Ritesh, formerly a top cyber official with British foreign intelligence agency MI6.

9. Ritesh, whose firm follows the activities of some 750 cyber criminals and monitors nearly 2,000 hacking campaigns using a tool called decipher, said it was not yet clear what vaccine-related information APT10 may have accessed from the Indian companies.

10. Rivals China and India have both sold or gifted Covid-19 shots to many countries. India produces more than 60% of all vaccines sold in the world.

(With agency inputs)

(Published 02 March 2021, 06:16 IST)
