Oil and gas assets, too, were targeted, Recorded Future said on Thursday.
In its latest report, Massachusetts-based cyber intelligence company Recorded Future said that Chinese state-sponsored hackers might have targeted Indian Railways infrastructure, besides 10 organisations in the Indian power sector and two ports. However, there is still not sufficient data to confirm that Indian Railways infrastructure were actually attacked, said Charity Wright, Cyber Threat Intelligence Expert, Recorded Future, during a virtual briefing with reporters.
Recorded Future had earlier released a report in which it had identified 10 distinct Indian organisations in the power generation and transmission sector and two in the maritime sector which were targeted by Chinese hackers. The intrusions were conducted by a China-linked activity group that Recorded Future termed as “RedEcho”.
The 12 organisations are Power System Operation Corporation Ltd, NTPC Ltd, NTPC Kudgi STPP, Western Regional Load Despatch Centre, Southern Regional Load Despatch Centre, North Eastern Regional Load Despatch Centre, Eastern Regional Load Despatch Centre, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, DTL Tikri Kalan (Mundka) of Delhi Transco Ltd, V.O. Chidambaranar Port, Mumbai Port Trust.
Recorded Future observed the intrusions in the Indian power sector beginning in mid-2020 amid heightened border tensions between India and China.
Relations between India and China deteriorated significantly following the border clashes in June 2020, which resulted in the first combat deaths in 45 years between the world’s two most populous nations, the report noted.
“The attack was unsettling because the hackers targeted the civilian infrastructure. It should not have happened,” said Christopher Ahlberg, Recorded Future’s CEO and Co-Founder.
It now appears that the Chinese state-backed hackers are winding down their operations, he said.
They appeared to be active till February 28, but over the past few days, their activities appear to be winding down, Ahlberg said.
From the nature of the attacks, it appears that the Chinese hackers were not interested in any economic gain and espionage advantage. They might have wanted to show their capability for disruptions or it could be a sign of their preparation for any future operations, he said.
“The Chinese will continue this sort of targeting in the future…China will continue to exert pressure on their neighbours,” Ahlberg said.
He, however, said that there is not enough data to support any link between the October 2020 power outage in Mumbai and a malware at a Padgha Load Despatch Centre in Thane district.
READ: ‘Create pool of spin doctors’: How govt plans to ‘neutralise’ criticism on digital media