Cyberattacks by RedEcho, the actor group with China links, on India’s power infrastructure have been more widespread than previously known and the activity continues even after military de-escalation in Ladakh’s Pangong area, American security enterprise Recorded Future has revealed.
According to Christopher Ahlberg, CEO of Recorded Future, the Massachusetts-based security enterprise that detected the intrusions, 10 Indian power sector assets and Mumbai and Tamil Nadu’s V O Chidambaranar ports came under attack.
On the Union power ministry’s statement that no installation was affected as safeguards were already in place, Charity Wright of Insikt, Recorded Future’s threat research group, said it showed the government responded to alerts.
On power minister R K Singh blaming the Mumbai blackout in October last year on human error, Ahlberg said there was insufficient data to prove a cyberattack caused the massive Mumbai power outage.
“Recorded Future observed through its network intelligence significant, high-volume, network traffic from Indian power sector assets to servers used by China-linked group RedEcho… The adversary infrastructure is still active and activity continues,” Ahlberg said in a presentation on the group’s findings on Thursday. Wright said the location of targeted infrastructure covered the length and breadth of India’s geography as well as the demography.
A New York Times report last Sunday had described these intrusions, citing findings by Recorded Future. It raised the possibility that Chinese hackers may have caused the October 12 power outage in Mumbai as a warning against strong Indian pushback to the PLA’s border transgressions in Ladakh. Targeting the Indian energy sector offers limited economic espionage opportunities. But the group believed “gathering future operational activity, pre-positioning destructive malware, as a warning/show of force during heightened bilateral tensions; and potential information operation to disturb Indian population” could be the possible objectives.