×

UPSC Courses

DNA banner

DAILY NEWS ANALYSIS

  • 07 March, 2021

  • 8 Min Read

Cyber-attacks-‘Red Echo’

Cyber-attacks-‘Red Echo’

When did Chinese malware target Indian power grid utilities and why is it a matter of concern?

Introduction

  • Maharashtra Power Minister announced that a State Cyber Cell probe had found 14 Trojan horses in the servers of the Maharashtra State Electricity Transmission Company.
  • These malwares had the potential to disrupt power distribution in the State.
  • The announcement came in the wake of a report from Recorded Future, a U.S.-based cybersecurity firm, stating that a group linked to the Chinese government, which it called ‘Red Echo’, had targeted 10 vital nodes in India’s power distribution system and two seaports.
  • Recorded Future claims the cyber intrusions from China began in May 2020 amid heightened tensions at the border.
  • It also suggested that these malwares could be the cause of the massive power outage in Mumbai last October.
  • The Power Ministry said Chinese hacker groups had targeted various Indian power centres but these groups had been thwarted after government cyber agencies warned it about their activities.
  • The Ministry said there had been “no data breach” from the threat.

How did Recorded Future track malware in Indian systems?

  • Recorded Future found a large number of IP addresses linked to critical Indian systems communicating for months with AXIOMATICASYMPTOTE servers connected to Red Echo.
  • These servers had domains spoofing those of Indian power sector entities configured to them.
    • For example, it had an ‘ntpc-co.com’ domain, which spoofs the original ntpc.co.in.
    • AXIOMATICASYMPTOTE servers act as command-and-control centres for a malware known as ShadowPad.

What is a command-and-control server?

  • A command and control centre is considered to be the core for managing disasters, respond to inconsistent conditions and various operations in a city. It is even referred to as 'situation room. ' It is the place where the overall operations of an organization like monitoring, controlling and commanding are carried out.

What is ShadowPad?

  • ShadowPad is a backdoor Trojan malware, which means it opens a secret path from its target system to its command-and-control servers.
  • Information can be extracted or more malicious code delivered via this path.
    • Mr. Raut had said that there was an attempt to “either insert or remove around 8 GB of data from the server”.
  • Security firm Kaspersky says ShadowPad is built to target supply-chain infrastructure in sectors like transportation, telecommunication, energy and more.
  • It was first identified in 2017, when it was found hidden in a legitimate software produced by a company named NetSarang. Trojanised softwares, or softwares that have dangers hidden in them, like the eponymous Trojan horse from Greek mythology, are the primary mode of delivery for ShadowPad.

How are ShadowPad and Red Echo linked to China?

  • Kaspersky states that several techniques used in ShadowPad are also found in malware from Winnti group, “allegedly developed by Chinese-speaking actors”.
  • Security analysis firm FireEye links ShadowPad to a group known as ‘APT41’, which it says overlaps with the Winnti group.
  • Microsoft has been tracking another group under the name ‘Barium’.
  • The U.S. Department of Justice confirmed that these were the intrusions that various security researchers were tracking using different threat labels such as ‘APT41’, ‘Barium’, ‘Winnti’, ‘Wicked Panda’, and ‘Wicked Spider’.
  • Security firm FireEye also “assesses with high confidence” that ‘APT41’ “carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control”, i.e., the group not only spies for the Chinese government but also does cybercrime when it suits them.
    • The group has been known to target the video-game industry.
  • Recorded Future in its report notes large overlaps in the systems used by Red Echo and ‘APT41/Winnti/Barium’.

What were Red Echo’s targets?

  • Recorded Future lists these as suspected targets: Power System Operation Corporation Limited, NTPC Limited, etc.
  • V. O. Chidambaranar Port and Mumbai Port Trust.

What is the objective of Red Echo?

  • Recorded Future says that Red Echo has minimal espionage possibilities.
  • They pose significant concerns over potential pre-positioning of network access to support Chinese strategic objectives.

Source: TH


Geopolitical Significance of Ports

Geopolitical Significance of Ports (IR)  Act as geopolitical assets: Ports enhance the projection of strategic reach, which helps strengthen the country’s control over important sea and energy supply routes.  E.g. Indian Navy’s staging base at Agalega Islands will enable marine patrols

SPACE VEHICLE - PSLV & GSLV - Space ORBITS

SPACE VEHICLE - PSLV & GSLV - Space ORBITS (S&T) GS PAPER-3 India has one of the world's most effective and active space programmes, with a diverse set of missions and accomplishments in the space sector. The Indian Space Research Organisation (ISRO) is India's primary space agency located in Bangalore. It has made sign

Pradhan Mantri Suryodaya Yojana

Recently, Prime Minister announced Pradhan Mantri Suryodaya Yojana under which 1 crore households will get rooftop solar power systems. India’s Status of Current Solar Capacity India currently stands at 4th place globally in solar power capacity. As per Ministry of New an

Foreign Contribution Regulation Act (FCRA)- NGO 

The Foreign Contribution Regulation Act, 2010 (FCRA) registration of two prominent non-governmental organisations (NGOs) — Centre for Policy Research (CPR) and World Vision India (WVI) have been cancelled this month. What is FCRA? Key provisions of FCRA, 2010 Key aspects Description

Voice clone-AI

Voice clone fraud has been on the rise in India. AI voice cloning – It is the process of creating a synthetic replica of a person’s voice through machine learning and speech synthesis technology.It is called as voice deepfakesor audio deepfakes. Objective – To achieve a high level of na

Toppers

Search By Date

Newsletter Subscription
SMS Alerts

Important Links

UPSC GS Mains Crash Course - RAW Prelims Answer Key 2024