Red echo

Red Echo; Chinese warfare against the Indian Power systems

China has recently been concentrating its attacks on India's power sources as a new strategy of warfare. It has constantly targeted India to gain control over the disputed Himalayan region. Both India and China are building up infrastructure along the border known as the Line of Actual Control.

The Chinese military persistently aims at creating disputes along the border to provoke the Indian army. In the last 6 months there have been 2 attacks. When China realized that physical combat alone could not give it power over the Indian government, it began to plan and execute cyber-attacks with technically trained cyber groups.

The attacks against Indian power sources began on October 12, 2020. They first targeted the Mumbai power systems, corrupted their servers and caused a power collapse that widely affected the city's electricity supply. It disrupted the lives of common people and brought serious economic loss to the state of Maharashtra.

Apart from this attack, several other cyber-attacks took place against different power grids and ports in India. Other than the Mumbai blackout incident, all the other attacks were found to bear the presence of a Chinese hacker group, Red Echo.

On the basis of a general analysis, the Union Minister of Power, RK Singh, claimed that the blackout was caused by human error. But after a detailed study by the cyber cell groups, they concluded that it was a planned attack by a Chinese attack group. These groups were found to be backed by the Chinese government to cause disruption in India's power grid systems.

Red Echo

After the preliminary analysis, the country's cyber cell officials strongly believed Red Echo to be one of the Chinese technical hacker groups, since its attack pattern matched that of Chinese state-sponsored groups like AXIOMATIC ASYMPTOTE and the ShadowPad malware. They also found that cyber-attacks from China have been increasing on a significant scale since the conflict between India and China at the borders.

To defend against these attacks, India has successfully built a threat detection method called Adversary Infrastructure Detection, which actively detects variations in network traffic as well as other threat activity. This method provides appropriate evidence against various cyber groups and their source of origin.

This method was used to take down the AXIOMATIC ASYMPTOTE group, which had active connections with multiple devices at different power grid sources and ports in India.

The Red Echo servers were found to target the VO Chidambaranar port in Tamil Nadu.

When it comes to the Mumbai blackout outrage, the case is still under investigation, since the Maharashtra cyber cell did not find any evidence that points to the Red Echo cyber group. But they strongly believe that the attack came from one of the Chinese APT groups, since the attack pattern resembled that of the Chinese strategy. Precisely, 10 distinct power organizations were targeted in the attack.

While officials confirmed the Red Echo attack on 12 critical power grid firms in India, the Mumbai blackout incident had no evidence connecting it to the group, and the government of India has released alerts to every power station in India to remain cautious.

PlugX

The major malware used by the Chinese hacker groups was found to be PlugX. PlugX is an intensive remote access Trojan that has been found causing damage in several organizations since 2008. This malware has been used extensively by the APT groups of China and was found to evolve after every attack. Hundreds of cases of the PlugX Trojan were reported, infecting various institutions such as NGOs in Hong Kong, Vatican and Catholic Church entities, global managed security service providers, etc.

PlugX was found to be used across different divisions of Indian energy, transportation, defence and other departments that are vulnerable to attacks.

The Chinese Communist Party was found to have a part in the cyber espionage conducted against Indian assets.

PlugX is expected to cause more damage to Indian infrastructure in the coming days. So, necessary preventive measures and security solutions should be deployed to prevent further incidents.

The cyber cell has also detected and warned about a new Chinese APT group, APT41 or Barium, which mainly targets the Indian oil and gas sectors and can cause severe economic loss to the nation.

India has decided to implement appropriate plans to defend against China's cyber-espionage. The plan was organized between the departments of Home Affairs, Information Technology, Defence and the National Critical Information Protection Centre. This plan will be backed by the Cabinet committee headed by the Prime Minister, Narendra Modi.
