Indian Power Grid Assets are still being targeted by Chinese hacker groups

One year after a coordinated campaign targeting India's critical infrastructure was made public, China-linked adversaries are being blamed for an onslaught against Indian power grid organizations.

A modular backdoor called ShadowPad, dubbed a "masterpiece of privately sold malware in Chinese espionage," was responsible for most of the intrusions, according to the Insikt Group of Recorded Future.

Many groups affiliated with the People's Liberation Army (PLA) and the Ministry of State Security (MSS) continue to use ShadowPad, the researchers found. The tool was first used by known MSS contractors for their own operations and was later supplied to other groups through what the researchers describe as a digital quartermaster.

According to the cybersecurity firm, the long-term goal of the campaign is to help prepare for future contingency operations by collecting intelligence on critical infrastructure. The targeting is believed to have begun in September 2021.

It was revealed in February 2021 that the RedEcho group was behind a similar attack on a State Load Despatch Center (SLDC) in Ladakh, a region where India and China are at loggerheads.

In the RedEcho attacks of 2021, ten different Indian power sector organizations were compromised, including six RLDCs (regional and state load despatch centers), two ports, a national power plant, and a substation.

The latest malicious activity has been linked to Threat Activity Group 38 (TAG-38), a temporary designation similar to the UNC#### and DEV-#### labels used by Mandiant and Microsoft; the researchers cited "notable distinctions" from the previously identified RedEcho TTPs as the reason for tracking it separately.

TAG-38 also impacted the Indian subsidiary of a multinational logistics company and a national emergency response system.

Although the initial infection vector used to breach the networks is unknown, the ShadowPad implants on the victim hosts were controlled through a network of compromised internet-facing DVR/IP camera devices located in Taiwan and South Korea, which served as command-and-control infrastructure.

According to the researchers, the use of ShadowPad by Chinese activity groups is growing, with new clusters of activity regularly identified through the backdoor as well as continued adoption by previously tracked clusters. At least 10 distinct groups with access to the malware are being monitored.

Union Power Minister R. K. Singh described the intrusions as "probing attempts" that occurred in January and February of this year, adding that the government is constantly reviewing its cybersecurity mechanisms to strengthen defenses in the wake of the disclosure.

Chinese officials reiterated that they "firmly oppose and combat all forms of cyberattacks" and "cybersecurity is a common challenge facing all countries that should be jointly addressed through dialogue and cooperation."

"There have been a series of reports from Chinese cybersecurity companies recently revealing that the US government has launched cyber attacks on many countries, including China, seriously jeopardizing critical infrastructure in these countries," Zhao Lijian, China's Foreign Ministry spokesperson, said.

"Numerous US allies or countries with which it collaborates on cyber security are also the targets of US attacks. We believe that the international community, especially China's neighboring countries, will keep their eyes open and make their own judgment on the true intentions of the United States."
