Chinese Cyber attack on India’s critical infrastructure

Maharashtra Power Ministry recently announced that they had found 14 Trojan horses in the servers of the Maharashtra State Electricity Transmission Company.

Context

Maharashtra Power Ministry recently announced that they had found 14 Trojan horses in the servers of the Maharashtra State Electricity Transmission Company.

A similar case in US

• Moreover, Recorded Future, a U.S.-based cyber security firm, has also flagged the increase in cyber intrusions from China to target India’s critical infrastructure like electricity and ports.
• A reportcompiled by Recorded Future, details a campaign conducted by a China-linked threat activity group it calls ‘RedEcho’, which targeted the Indian power sector through malware.
• These malwares could be the cause of the massive power outage in Mumbai October,2020.
• A large number of IP addresses linked to critical Indian systems were communicating for months with AXIOMATICASYMPTOTE servers connected to Red Echo.
• These servers had domain spoofing those of Indian power sector entities configured to them. For example, they had “ntpc-co.com” which spoof the authentic “ntpc.co.in”
• AXIOMATICASYMPTOTE servers acted as command-and-control centres for a malware known as

What is ShadowPad?

• ShadowPad is a backdoor Trojan malware, which means it opens a secret path from its target system to its command-and-control servers (here it was AXIOMATICASYMPTOTE).
• Information can be extracted or more malicious code can be delivered via this path

Other Chinese groups involved in cyber attacks around the world

• APT41
• Barium
• Winnti
• Wicked Panda
• Wicked Spider