Amid the military stand-off between India and China along the LAC, another battle between the two Asian giants was brewing in cyberspace. A report by ‘Recorded Future’, a US-based cyber security firm, has underlining the hybrid nature of warfare that is, and will be, the norm, writes senior journalist Sanjib Kr Baruah
New Delhi: It is now emerging that the India-China hostility that opened up in eastern Ladakh from May 2020 onwards found its way deep into cyberspace as well where India’s critical infrastructure was targeted.
A report in the New York Times on Sunday strongly hinted at the involvement of a Chinese state-sponsored group named ‘RedEcho’ that indulged in directed cyber attacks on 10 Indian power sector entities and two Indian seaports.
Noting the increased cyber espionage activity by both sides, the report also observed suspected Indian state-sponsored group Sidewinder target Chinese military and government entities in 2020.
Read: NASA renames Washington HQ to honour 'hidden figures' scientist Mary Jackson
The 19-page investigative research-based report has been prepared by ‘Recorded Future’, a US-based private cyber threat analysis firm.
From June to November 2020, in a sharp cyber escalation, the Indian government had banned more than 200 Chinese apps over fears that they might be used to collect data on Indian citizens and potentially be also used for espionage to benefit the Chinese government.
The Indian power sector entities targeted included four Regional Load Despatch Centres (RLDCs), two State Load Despatch Centres (SLDCs) while the targeted seaports were the Mumbai Port Trust and the V O Chidambaranar Port Trust.
Read: Antifa protestors threaten to 'burn' down Washington DC
The RLDCs and the SLDCs were responsible for ensuing real-time integrated operation of India’s power grid through balancing electricity supply and demand to maintain a stable grid frequency.
The report also hinted at a link between an October 2020 power outage in Mumbai that was caused due to presence of malware at a Padgha-based SLDC.
The cyber attacks used ‘ShadowPad’, a modular backdoor tool that is used across groups affiliated with both Chinese Ministry of State Security (MSS) and groups affiliated with the People’s Liberation Army (PLA) possibly hinting at a centralised ShadowPad developer responsible for maintaining and updating the tool.
Read: Capitol police chief calls for permanent fencing
‘Recorded Future’ has presently identified at least 5 Chinese threat activity groups that use ShadowPad, including the infamous APT41 and the Tonto Team.
India and China are presently engaged in a disengagement and de-escalation effort through talks at military, diplomatic, and political levels. The ongoing tension was sparked off by a border skirmish on May 4-5, 2020 near the Line of Actual Control (LAC) that snowballed into a massive militarisation effort that saw unprecedented war-like deployment by both sides.
