Suspected Chinese Hackers Targeted India’s Power Sector Near Disputed Ladakh Region: Report
New Delhi: Suspected state-sponsored Chinese hackers have, as part of an apparent cyber-espionage campaign, targeted India’s power sector in recent months, said the threat intelligence firm Recorded Future Inc. in a report.
The report published on Wednesday said the hackers focused on at least seven “load dispatch” centers in northern India that are responsible for carrying out real-time operations for grid control and electricity dispersal in the areas located near the disputed India-China border in Ladakh.
One of the load dispatch centers was previously the target of another hacking group, RedEcho.
RedEcho, according to Recorded Future Inc., shares “strong overlaps” with a hacking group that the United States has tied to the Chinese government.
“The prolonged targeting of Indian power grid assets by Chinese state-linked groups offers limited economic espionage or traditional intelligence gathering opportunities,” the threat intelligence firm said in its report.
“We believe this is instead likely intended to enable information gathering surrounding critical infrastructure and/or pre-positioning for future activity,” the report added.
As per the Recorded Future Inc. report, the hackers compromised an Indian national emergency response system and a subsidiary of a multinational logistics company.
Dubbed TAG-38, the hacking group has used a kind of malicious software called ShadowPad.
This software, as per Recorded Future Inc., was earlier associated with China’s People’s Liberation Army (PLA) and the Ministry of State Security.
The attackers’ method of carrying out the intrusions through compromised internet of things devices and cameras was unusual, said Recorded Future Inc. Senior Manager Jonathan Condra, adding that the devices used to launch the intrusions were based in South Korea and Taiwan.
This report comes at a time when China has consistently denied its involvement in malicious cyber activity.