Targeting of power organizations poses significant concerns over support for Chinese strategic objectives
A cyber campaign conducted by a China-linked group, RedEcho, is targeting India’s power sector, according to a report from Boston-headquartered Recorded Future, the world’s largest provider of intelligence for enterprise security.
Recorded Future’s Insikt Group has identified RedEcho targeting 10 distinct Indian organizations in the power generation and transmission sector and two organizations in the maritime sector, said the report released 1 Mar 2021.
Relations between India and China have deteriorated significantly in recent years and while diplomacy and economic factors have been effective in preventing a full-blown war, cyber operations continue to provide countries with a potent asymmetric capability to conduct espionage or pre-position within networks for potentially disruptive reasons, said the report.
Using a combination of proactive adversary infrastructure detections, domain analysis, and Recorded Future Network Traffic Analysis, Recorded Future’s threat research arm, Insikt Group, has determined that a subset of the servers used share some common infrastructure tactics, techniques, and procedures (TTPs) with several previously reported Chinese state-sponsored groups.
Insikt Group is attributing this activity to a distinct activity group, RedEcho. Despite some overlap with previous groups, Insikt Group does not currently believe there is enough evidence to firmly attribute the activity in this particular campaign to an existing public Chinese threat activity group.
Key findings from the report include:
• Insikt Group believes the targeting of these organizations poses significant concerns over potential pre-positioning of network access to support Chinese strategic objectives.
• RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least 5 distinct Chinese groups.
• The computer network operations (CNO) targeting of strategically important organizations in India from Chinese groups will likely continue in 2021 as the nation continues to exert influence over countries that are within the sphere of its Belt and Road Initiative (BRI) investment program.
“The impact of a cyber attack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception,” said Dr. Christopher Ahlberg, CEO and Co-Founder, Recorded Future.
“Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organization and across a nation,” said Dr. Ahlberg.
Recorded Future’s Insikt Group, the company’s threat research arm, is comprised of world-class subject-matter experts in technical threat intelligence and foreign adversary tactics, techniques, and procedures (TTPs), including analysts and security researchers with deep government and industry experience as well as native foreign-language skills.
Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable.
In a world of ever-increasing chaos and uncertainty, Recorded Future empowers organizations with the visibility they need to identify and detect threats faster; take proactive action to disrupt adversaries; and protect their people, systems, and assets, so business can be conducted with confidence.
Recorded Future is trusted by more than 1,000 businesses and government organizations around the world. /fiinews.com