Chinese cyber attacks: RedEcho still active, targeted Chidambaranar port on March 2
In yet another revelation on the China-sponsored cyber attack on India, the US-based Recorded Future has said that 2021 may see more such attacks on Indian organisations by Chinese hackers. Even after the report came out in public, cyber attacks were reported against V O Chidambaranar port in Tamil Nadu on March 2 and NTPC on February 28.
Recorded Future, an intelligence provider for enterprise security, had said in its report that power sector assets including state-run NTPC and Power Sector Operation Corporation Ltd (POSOCO), two ports, oil and gas assets and the Indian Railways were exposed to cyber attacks by Chinese group RedEcho.
"Targeting of important organisations in India by Chinese groups like RedEcho will likely continue in 2021. One particular victim infrastructure that was exposed to attack on March 2 was V O Chidambaranar port," said Charity Wright, Cyber Threat Intelligence Expert, Recorded Future, addressing a webinar on March 5.
Other than NTPC and POSOCO, the other power sector assets that were under attack included NTPC Kudgi super thermal power plant, load despatch centres in western, southern, northeastern and eastern regions, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, Delhi Transco Ltd substation at Mundka, V O Chidambaranar port in Tamil Nadu and Mumbai Port Trust.
However, Recorded Future stated that there is no proof of RedEcho's role in the massive power outage in Mumbai on October 12 last year, which blacked out the country's financial capital.
"Targeting of strategic Indian power grid assets tells us that there is no economic interest by the threat actors. It does not appear to be due to any espionage interests, as these assets are old," Wright said. She added that the move may have been an effort for future disruptive cyber operations like power blackouts.
Recorded Future had informed the Indian authorities about the activities by such groups in November last year and February this year. According to a statement by the ministry of power, the Indian Computer Emergency Response Team (CERT-In) had informed them in November 2020 about a threat by malware 'ShadowPad' at some control centres of POSOCO.