RedEcho cyber attack: Ports in TN, Mumbai, scores of power assets in India came under attack
New Delhi, Mar 05: 10 power assets came under the RedEcho cyber attack, Recorded Future said. Further, the report also said that ports in Mumbai and Tamil Nadu too came under attack by the actor group, which has Chinese links.
The report said that the Delhi state load despatch centre and DTL Tikri Kalan substation in Delhi; Mumbai Port Trust and the western regional load despatch centre in Maharashtra; NTPC's Kudgi power plant and the southern regional load despatch centre in Karnataka; VO Chidambaranar port in Tamil Nadu; the Telangana load despatch centre; the eastern regional load despatch centre in West Bengal; and the northeastern regional load despatch centre in Assam were the power assets that came under attack.
During a presentation, Recorded Future CEO Christopher Ahlberg said that they observed, through network intelligence, significant, high-volume network traffic from Indian power sector assets to servers used by the China-linked group RedEcho. The adversary infrastructure is still active and activity continues, he also said.
On Monday a report said that a massive power outage in Mumbai last October may have been the handiwork of China. Beijing has however denied this.
The report says that a China-linked threat activity group, RedEcho, targeted the Indian power sector.
The links to the Mumbai outage provide additional evidence suggesting the coordinated targeting of Indian Load Dispatch Centres, the report further stated.
The flow of malware was pieced together by Recorded Future, a US-based company that studies the use of the internet by state actors. It found that most of the malware was never activated. Because Recorded Future could not get inside India's power systems, it could not examine the details of the code itself.
"From mid-2020, Recorded Future's midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control servers, to target a large swathe of India's power sector. 10 distinct Indian power sector organisations, including four of the five regional load dispatch centres responsible for the operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure. Other targets identified include two Indian seaports," the report said.
Further, it also said that the behavioural profiling of network traffic to adversary infrastructure showed a clear and consistent pattern of Indian organisations being targeted in this campaign.