Security researchers at Recorded Future released an updated report detailing the China-linked threat group RedEcho and its active targeting of India’s power grid. Recorded Future noted similarities between the RedEcho activity and other threat groups tracked as APT41 and Tonto Team, which have been observed attempting to breach Indian organizations across all industry and government sectors, but stated that there was not sufficient evidence to attribute the RedEcho activity to these groups. According to Recorded Future’s analysis, “Ten distinct Indian power sector organizations, including four of the five Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified included two Indian seaports.”
This group has been observed using ShadowPad and a subset of the “AXIOMATICASYMPTOTE” infrastructure to accomplish its goals. These actions serve as a deliberate and aggressive demonstration of the vulnerabilities that exist within any government agency, not just those in India. Recorded Future attributes specific malware, employed to deliver a second payload, to the effort to bring down power in the Mumbai region last year. Staging and pre-positioning for future operations by these threat groups was noted as well.