Chinese Hackers Are Still Actively Targeting Indian Port in Shadow War, U.S. Firm Says

US-based Recorded Future has stated that one connection opened by Chinese state-sponsored hackers into an Indian port's network system is still active, even as authorities block attempts to penetrate the nation's electrical sector. It said the hackers targeted 10 entities under India's power grid and two maritime ports when the company notified India's Computer Emergency Response Team last month.

Stuart Solomon, the firm’s chief operating officer said they could see a ‘handshake’ – which is an indication of an exchange of traffic – between a China-linked group and an Indian maritime port. Calling the group ‘Red Echo’, the firm said it had targeted as many as 10 entities under India’s power grid as well as two maritime ports when Recorded Future first notified India’s Computer Emergency Response Team on February 10. Solomon said most of these connections were still operational as recently as February 28.

Chinese Foreign Ministry spokesman Wang Wenbin said without any proof, slandering a specific side was “irresponsible behavior and an ill-intentioned one”.

The cyber-attack attempt assumes significance as it comes at a time when a US newspaper reported recently that the 2020 power blackout in Mumbai was due to a China-based cyber-attack. Computer networks of at least 12 Indian state-run organisations, primarily power utilities and load dispatch centres, have been targeted by Chinese state-sponsored groups since mid-2020 in an attempt to inject malware that could cause widespread disruptions, the study by Recorded Future had revealed.

According to the US-based company that monitors the use of the internet by state actors for cyber-campaigns, NTPC Limited, the country’s largest power conglomerate; five primary regional load dispatch centres that aid in the management of the national power grid by balancing electricity supply and demand; and two ports were among the organisations attacked.

The activity appears to have started well before the May 2020 clashes between Indian and Chinese troops that triggered the border standoff along the Line of Actual Control in eastern Ladakh, the report said. It further stated, there was a “steep rise” in the use of a particular software by Chinese organisations to target “a large swathe of India’s power sector” from the middle of last year.

Recorded Future has not made any connection between the traffic observed under RedEcho and the Mumbai outage. “It’s not unusual to see this type of technique used by nation states as an instrument of national power,” Solomon, however, said.