China steps up cyber-attacks after disengagement from Pangong lake

By Pushkar Sinha
New Delhi, March 13: Indian government organisations such as the Computer Emergency Response Team (CERT-IN) and the National Critical Information Infrastructure Protection Centre (NCIIPC) have reported that Chinese hackers have attempted to infiltrate the country's cyberspace after troops from the two neighbours disengaged from Pangong Lake in eastern Ladakh.

On February 28, the ‘Red Echo’ group targeted NTPC Infrastructure with a malware that it had planted, establishing a connection that fed into the hacker’s server, as reported by Recorded Future, a cybersecurity firm.

NCIIPC’s Threat Assessment group has identified Emissary Panda, also known as APT-27, a China-based threat actor that targets foreign embassies to steal data related to the technology, government and defence sectors. NCIIPC further warned in its report published in October 2020 that if these malicious attackers gain access to industrial control systems, they will be able to disrupt safety processes, leading to damaged turbines, threats to personnel safety, costly outages and even environmental damage.

The Recorded Future report further states that the Chinese state-sponsored group named Red Echo has been utilising advanced cyber-intrusion techniques to gain a foothold in around a dozen critical nodes across the Indian power generation and transmission infrastructure. The attacks have been thwarted with no impact on the functions carried out by the Power System Operation Corporation (POSOCO).

Also, no data loss or data breach has been detected from the referred threat. Chinese malware was also being used to target power systems at Telangana’s TS Transco and TS Genco that run utilities in the state.

The hackers were attempting to steal data and disrupt the power supply in the state. The attempt was successfully thwarted because CERT-IN had issued an alert, after which GENCO blocked the suspected IP addresses and changed the user credentials of all officials operating remotely as a precautionary measure, as reported by the local media.

China’s involvement in these cyber-attacks can be assessed from the fact that the pattern and infrastructure used by the group ‘Red Echo’ are the same as those used by the Chinese government. Also, the aim of the cyber-attacks has been to cripple the critical infrastructure of India.

China is the only country that has both the capability and the intention to carry out an amplified cyber-attack of such magnitude. The Recorded Future report further states that at least one connection opened by the Chinese state-sponsored hackers is still active in the network of an Indian port.

To this end, Cyfirma, a cyber intelligence firm, has reported that the Chinese hacking group APT10, also known as Stone Panda, had identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII) and subjected them to cyber-attacks.

The aim of these virtual attacks is to gain access to the cold storage facilities where the vaccine is kept and disrupt the supply chain. All Indian vaccines have to be stored at a temperature of 2-8 degrees Celsius and can be destroyed if a foreign actor takes remote control of the storage facilities and raises the temperature.

Another spike in the number of cyber-attacks was noticed after the face-off in the Galwan valley, with around 40,000 attacks on Indian cyberspace. Information available with the agencies suggests that most of these attacks originated from Sichuan province of China, which is the headquarters of China’s cyber warfare.

A report by the local media has revealed that Indian cyberspace is being targeted mainly using two techniques, namely ‘Distributed Denial of Service’ and ‘Internet Protocol Hijack’. ‘Distributed Denial of Service’ involves overloading a utility's private website that is designed to accept only a thousand requests with around ten lakh requests, crashing the system and knocking the website off the internet.

‘Internet Protocol Hijack’ involves diverting data being sent over the internet to China for surveillance purposes.

India’s response to these cyber-attacks has been restrained, and in the short term can be considered rational. Attribution remains a problem in the cyber domain, since the Chinese government has repeatedly denied responsibility for these actions.

Unlike the use of conventional weapons, which are the domain of the country’s military, the government can deny any connection to hackers, which makes the threat of escalation risky.

Turning to conventional military weapons as a deterrent to cyber-attacks can escalate the conflict even further, enhancing the danger of outright war. Till now, China’s cyber-attacks have neither damaged India’s infrastructure nor resulted in casualties that would justify a more provocative conventional response.

Yet because a short-term strategy of restraint might encourage China to simply continue with the attacks, India has taken more proactive steps to strengthen national security. India has announced the formation of a Defence Cyber Agency that will draw on the existing capability of the armed forces to better respond to cyber-attacks, which is a promising start.

Another preventative measure put in place is aimed at developing indigenous microprocessors and reducing the country’s dependence on imported military software. Experts also advise India to lead an effort to create a multinational cyber coalition (MNCC) in partnership with other countries in Asia that are at high risk of cyber-attacks from China.

The MNCC countries would be able to harness their collective cyber capabilities to better identify and respond to cyber-attacks.

(This content is being carried under an arrangement with