Security researchers at Recorded Future released an updated report detailing the China-linked threat group RedEcho and its active targeting of India's power grid. Recorded Future noted similarities between the RedEcho activity and that of other threat groups tracked as APT41 and Tonto Team, both of which have been observed attempting to breach Indian organizations across industry and government sectors, but stated that there was not sufficient evidence to attribute the RedEcho activity to either of those groups. According to Recorded Future's analysis, "Ten distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India's critical infrastructure. Other targets identified included two Indian seaports."
The group has been observed using the ShadowPad backdoor and a subset of the command-and-control infrastructure that Recorded Future tracks as "AXIOMATICASYMPTOTE" to accomplish its goals. The activity is a deliberate and aggressive demonstration of the exposure that exists within government and critical infrastructure networks, not limited to India alone. Recorded Future also noted reporting that malware was implicated in last year's power outage in the Mumbai region, but the report does not establish that the RedEcho intrusions caused the outage. Staging and pre-positioning of infrastructure for future operations by these threat groups was noted as well.
It is important to note the vulnerability of the ICS/SCADA systems that control electric generation, transmission, and other infrastructure at the heart of a nation, and the severe consequences to life and safety if that critical infrastructure is attacked. It is of the utmost importance for governments and large enterprises to take a proactive stance on the safety and security of the infrastructure discussed in this brief. There are many ways to do so, whether internally or with a third-party service provider. Binary Defense provides such services through our Security Operations Center, our Counter-Intelligence team, and our Threat Hunting team, which actively searches for signs of compromise and develops new ways to detect stealthy intrusions.
To read more, please see the following sources: