Chinese Cyber attack on India’s critical infrastructure

Context

Maharashtra Power Ministry recently announced that they had found 14 Trojan horses in the servers of the Maharashtra State Electricity Transmission Company.

A similar case in US

• Moreover, Recorded Future, a U.S.-based cyber security firm, has also flagged the increase in cyber intrusions from China to target India’s critical infrastructure like electricity and ports.
• A reportcompiled by Recorded Future, details a campaign conducted by a China-linked threat activity group it calls ‘RedEcho’, which targeted the Indian power sector through malware.
• These malwares could be the cause of the massive power outage in Mumbai October,2020.
• A large number of IP addresses linked to critical Indian systems were communicating for months with AXIOMATICASYMPTOTE servers connected to Red Echo.
• These servers had domain spoofing those of Indian power sector entities configured to them. For example, they had “ntpc-co.com” which spoof the authentic “ntpc.co.in”
• AXIOMATICASYMPTOTE servers acted as command-and-control centres for a malware known as

What is ShadowPad?

• ShadowPad is a backdoor Trojan malware, which means it opens a secret path from its target system to its command-and-control servers (here it was AXIOMATICASYMPTOTE).
• Information can be extracted or more malicious code can be delivered via this path

Other Chinese groups involved in cyber attacks around the world

• APT41
• Barium
• Winnti
• Wicked Panda
• Wicked Spider