China's cyber-war with India
Mar 18, 2021
New Delhi [India], March 18 : India has robust cybersecurity mechanisms in place and it is well prepared to counter and thwart any Chinese attacks, informed government to the Parliament Standing Committee on Information Technology recently.
Acknowledging the rising Chinese threat, the government told that it has the cutting-edge technology, standard operating procedures, and processes to tackle such scenarios in a response to questions about the recent Mumbai power outage to a Chinese state-backed firm.
On February 28, the US-based cybersecurity firm "Recorded Future" published a report saying it had observed a "steep rise" in the use of resources like malware by a Chinese group called Red Echo to target "a large swathe" of India's power sector.
The report had attributed to the infiltration of Chinese state-backed hackers in at least ten electricity assets owned by NTPC and POSCO.
It said ten distinct Indian power sector organisations were targeted, including four Regional Load Despatch Centres (RLDCs) that are responsible for the smooth operation of the country's power grid by balancing the supply and demand of electricity. Recorded Future said the group also targeted two Indian seaports.
Red Echo used malware called ShadowPad, which involves the use of a backdoor to access servers. The Ministry of Power on Monday confirmed these attempts, stating it had been informed in November 2020 about the ShadowPad malware "at some control centres" of the Power System Operation Corporation Ltd (POSOCO), the government enterprise in charge of facilitating the transfer of electricity through load despatch centres.
The Ministry said it was informed of Red Echo's attempts to target the country's load despatch centres in February. It had said "no data breach/data loss" had been detected due to the incidents and that none of POSOCO's functions had been impacted. The government said it had taken action against the threats observed.
The attempts by the Red Echo group have been occurring since at least the middle of last year, around the time a bloody skirmish between Indian and Chinese soldiers took place along the Line of Actual Control (LAC) in eastern Ladakh, the firm said.
"As bilateral tensions continue to rise, we expect to see a continued increase in cyber operations being conducted by China-linked groups such as RedEcho in line with national strategic interests," stated Recorded Future.
Recent cyber intrusions also crippled systems at banks and caused a glitch at the country's premier National Stock Exchange.
Last year in September, evidence emerged of a Chinese government-linked company's attempt to monitor the digital footprint of thousands of Indian citizens.
In November, the government was apprised of a malware threat in segments of its power infrastructure. Now, a cyber-intelligence firm claims another Chinese government-linked hacking group has targeted the makers of the two vaccines currently used in India's COVID-19 vaccination programme.
The Goldman Sachs-backed cyber intelligence firm Cyfirma said a Chinese hacker group known as Stone Panda had "identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India", according to a Reuters report.
These companies have developed Covaxin and Covishield, which are currently being used in the national and international COVID-19 vaccination campaign.
Some Indian companies involved in COVID-19 vaccine development have said that they have noticed a nearly hundred-fold increase in cyber-attack attempts by foreign entities from countries like China and Russia over the last six months. When vaccine companies are targeted, the motive could be competition.
The motivation behind Stone Panda's attack against SII and Bharat Biotech's IT systems was to extract the companies' intellectual property and gain a "competitive advantage over Indian pharmaceutical companies," Reuters reported.
India is working on a new national strategy to strengthen the country's cyber-security amid China's cyber eye revealed Lt Gen Rajesh Pant, the country's National Cyber Security Coordinator earlier in March.
Disclosing about the plan, he said it would coordinate responses across ministries including Home Affairs, Information Technology, Defence and the National Critical Information Infrastructure Protection Centre in case of an attack and set audit procedures in place.
The new strategy will lay down protocols for prevention and audit to secure the government's digitally connected water, health and education systems that are all being treated as critical infrastructure, he said. Infrastructure like nuclear, power and aviation will be considered supercritical.