Chinese hackers might have targeted Indian Railways infra: Recorded Future

New Delhi: Besides 10 organisations in the Indian power sector and two ports, Chinese state-sponsored hackers might also have targeted Indian Railways infrastructure, an expert with cyber intelligence company Recorded Future said on Thursday.

However, there is still not enough data to confirm that Indian Railways infrastructure was actually attacked, Charity Wright, Cyber Threat Intelligence Expert, Recorded Future, said during a virtual briefing with reporters.

Recorded Future had earlier released a report in which it had identified 10 distinct Indian organisations in the power generation and transmission sector and two in the maritime sector which were targeted by Chinese hackers.

The intrusions were conducted by a China-linked activity group that Recorded Future termed “RedEcho”.

The 12 “victim” organisations are: Power System Operation Corporation Ltd, NTPC Ltd, NTPC Kudgi STPP, Western Regional Load Despatch Centre, Southern Regional Load Despatch Centre, North Eastern Regional Load Despatch Centre, Eastern Regional Load Despatch Centre, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, DTL Tikri Kalan (Mundka) of Delhi Transco Ltd, V.O. Chidambaranar Port and Mumbai Port Trust.

Recorded Future observed the intrusions in the Indian power sector beginning in mid-2020 amid heightened border tensions between India and China.

Relations between India and China deteriorated significantly following the border clashes in June 2020 that resulted in the first combat deaths in 45 years between the world’s two most populous nations, the report noted.

“The attack was unsettling because the hackers targeted the civilian infrastructure. It should not have happened,” said Christopher Ahlberg, Recorded Future’s CEO and Co-Founder.

It now appears that the Chinese state-backed hackers are winding down their operations, he said.

They appeared to be active till February 28, but over the past few days, their activities appear to be winding down, Ahlberg said.

From the nature of the attacks, it appears that the Chinese hackers were not interested in any economic gain or espionage advantage. They might have wanted to show their capability for disruptions or it could be a sign of their preparation for any future operations, he said.

“The Chinese will continue this sort of targeting in the future…China will continue to exert pressure on their neighbours,” Ahlberg said.

He, however, said that there is not enough data to support any link between the October 2020 power outage in Mumbai and malware at a Padgha Load Despatch Centre in Thane district.