Chinese state-sponsored hackers have at least one connection still open into the network system of an Indian maritime port, Bloomberg reported on Wednesday, citing United States-based cyber security firm Recorded Future.
According to the report by Recorded Future, a China-linked group called RedEcho was targeting India’s power sector through a “handshake”, or an exchange of traffic, between itself and the Indian port. Recorded Future had first notified India about this breach on February 10, identifying 10 Indian power sector organisations and two ports as being targeted by RedEcho, according to Bloomberg.
“There’s still an active connection between the attacker and the attackee,” Stuart Solomon, Chief Executive Officer of Recorded Future, told the news website. “It’s still happening.”
The February 28 report by Recorded Future had suggested that China targeted India’s power grid, months after the Galwan Valley clash in June, in which soldiers from both countries were killed. The report raised questions about a possible link between the clash and a power blackout that brought India’s financial capital Mumbai to a standstill in October. However, investigators have not been able to substantiate this link. Indian media had reported in October last year that authorities suspected that a malware attack had caused the outage.
On Tuesday, another cyber-intelligence company, Cyfirma, said that a hacking group backed by China has been targeting the systems of Indian vaccine manufacturers Serum Institute and Bharat Biotech in recent weeks.
However, the Indian government denied any data breach due to the Chinese malware attack brought to light by the Recorded Future report. In the breach, revealed by Cyfirma, India’s Computer Emergency Response Team, or CERT, handed over the matter to its operations director.
On Wednesday, Solomon said that it was “not unusual” for countries to use incidents like the Mumbai power outage “as an instrument of national power”, Bloomberg reported. “This could be as simple as trying to drive influence operations to be able to signal either to the people or the government that at any given time they have leverage that can be used against them,” he said.
The Union Ministry of Electronics and Information Technology declined to comment on the matter when Bloomberg approached it.
Meanwhile, Chinese Foreign Ministry spokesperson Wang Wenbin on Wednesday said that rumours had no role in the matter of cyber attacks. “Speculation and fabrication have no role to play on the issue of cyber attacks, as it is very difficult to trace the origin of a cyber attack,” he said during a briefing. “It is highly irresponsible to accuse a particular party when there is no sufficient evidence around. China is firmly opposed to such irresponsible and ill-intentioned practice.”
Border tensions flared up in June after deadly clashes between Indian and Chinese soldiers in Ladakh’s Galwan Valley. Twenty Indian soldiers were killed in the clashes. China identified the casualties on its side only in February, saying that four soldiers died.
Talks between the militaries of the two countries began soon after the clashes. However, a breakthrough came only in February, when Union Defence Minister Rajnath Singh informed Parliament about the disengagement agreement reached between India and China.
The disengagement process along Pangong Tso in Ladakh began on February 10, as military commanders began pulling out troops, tanks and artillery from the area in the first step towards full withdrawal. The process has been completed. On February 20, India and China held commander-level talks to discuss pulling back from other areas.