Chinese cyberwarfare? Beijing targeting critical Indian infrastructure and assets

Edited By: Gravitas desk WION
New Delhi, India Published: Mar 04, 2021, 10.33 PM(IST)


Maharashtra state's Interior Minister Anil Deshmukh has said that China may have introduced malware into the electrical infrastructure, resulting in a massive power outage in the state capital Mumbai last year, according to reports submitted by the US-based cybersecurity firm Recorded Future.

A grid failure caused a widespread power outage in the financial and surrounding areas on October 12, 2020, a rare occurrence that disrupted train services in the city of 20 million.

Following the grid failure, Maharashtra's Chief Minister Uddhav Thackeray ordered an inquiry into the incident. In its report, Recorded Future alleged Chinese intrusion into Mumbai's electrical infrastructure.

The malware was traced by Recorded Future, a cybersecurity company founded in 2009 and headquartered in Massachusetts. The company claims that most of the malware was not activated. This may mean that a small proportion of the malware was used during the Mumbai power outage.

A Chinese state-sponsored group Red Echo has been held responsible for the Mumbai power outage.

Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-sponsored group Red Echo, “has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.”

The report said the flow of malware was pieced together by Recorded Future, a Somerville, Massachusetts, company that studies the use of the internet by state actors. It found that most of the malware was never activated.

Earlier, Chinese hacking group APT10, known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world’s largest vaccine maker.

SII is making the Oxford University-AstraZeneca vaccine for many countries and will soon start bulk manufacturing Novavax shots, while Bharat Biotech plans to export its COVAXIN shot to dozens of countries including Brazil and the Philippines.

Relations between the nuclear-armed neighbours soured in June when 20 Indian and four Chinese soldiers were killed in a Himalayan border confrontation.

Previously, Chinese attackers had injected malware into software updates provided by NetSarang, a legitimate software provider headquartered in the US and South Korea.

They had gained backdoor entry into the networks of hundreds of banks, energy companies and pharmaceutical manufacturers.

Unlike Red Echo, Stone Panda has a reputation for targeting governments and private sector companies around the world.

In 2018, America's FBI indicted two hackers from Stone Panda who were engaged in global computer intrusions for more than a decade. They stole data from managed service providers, which are companies that manage the IT infrastructure of businesses and governments worldwide, and from more than 45 technology companies.

In at least a dozen American states and in government agencies, the hackers stole a wide range of data, including intellectual property and confidential business and tech information.

While these were two separate attacks, there is one detail that unites Red Echo and Stone Panda. Both groups have been linked to the Chinese state.

China's foreign ministry denied allegations by cyber intelligence firm Cyfirma that a state-backed hacking group has in recent weeks targeted the IT systems of two Indian vaccine makers whose coronavirus shots are being used in the country's immunisation campaign.

"China hopes relevant media and companies to have a professional and responsible attitude, and base characterizations of cyberattacks on ample evidence, rather than groundless guesses and accusations," foreign ministry spokesman Wang Wenbin said.
