China-Linked Group RedEcho Targets the Indian Power Sector: Report
Recorded Future, an intelligence outfit for enterprise security, today (March 1) revealed in a new report details of a cyber campaign conducted by a China-linked group, which Insikt Group has named RedEcho. Recorded Future’s automated network traffic analytics and expert analysis identified the threat group’s activity targeting the power sector in India.
Amid heightened border tension between India and China, a massive power outage took place in Mumbai in October last year. As a result, trains stopped and hospitals could not operate while the city was facing an acute coronavirus crisis.
The ongoing India-China border dispute covers the 3488-km-long Line of Actual Control (LAC). In the past few months, China has used its military might to claim that the areas which were perceived to be disputed belong to China.
The conflict began in June last year when China captured 60 sq. km. of the territory that India claims as its own. The Chinese soldiers used force to capture Indian land. According to a statement released by the Indian Army, the Chinese troops killed 20 Indian soldiers deployed in the Galwan area of the Ladakh region in the western Himalayas.
According to the report, the Insikt Group identified 10 Indian power sector organizations as key targets. The report asserts that the relations between India and China have deteriorated significantly following border clashes in May 2020 that resulted in the first combat deaths in 45 years between the world’s two most populous nations.
Key findings from the report include:
- Recorded Future’s Insikt Group identified RedEcho targeting 10 distinct Indian organizations in the power generation and transmission sector and two organizations in the maritime sector.
- Insikt Group believes the targeting of these organizations poses significant concerns over potential pre-positioning of network access to support Chinese strategic objectives.
- It is reported that RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least 5 distinct Chinese groups.
- The computer network operations (CNO) targeting of strategically important organizations in India by Chinese groups will likely continue in 2021 as the nation continues to exert influence over countries that are within the sphere of its Belt and Road Initiative (BRI) investment program.
“The impact of a cyber attack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organization and across a nation,” said Dr. Christopher Ahlberg, CEO and Co-Founder, Recorded Future.
Recorded Future’s Insikt Group, the company’s threat research arm, is comprised of subject-matter experts in technical threat intelligence and foreign adversary tactics, techniques, and procedures (TTPs), including analysts and security researchers.
By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future says it delivers intelligence in a world of ever-increasing chaos and uncertainty.
Note: RMN news service cannot independently confirm the findings of the Recorded Future report.