2 March 2021

A cybersecurity organization, Recorded Future, has released a report which suggests, but does not conclude, that China launched a cyberattack on India’s electrical grid system which resulted in a temporary blackout of electricity to the city of Mumbai last October. The Executive Summary of the report asserts:

“Relations between India and China have deteriorated significantly following border clashes in May 2020 that resulted in the first combat deaths in 45 years between the world’s two most populous nations. As a result, on January 12, 2021, India’s foreign minister Subrahmanyam Jaishankar announced that trust between India and China was “profoundly disturbed.” While diplomacy and economic factors have been effective in preventing a full-blown war, notable most recently with the bilateral disengagement at the border, cyber operations continue to provide countries with a potent asymmetric capability to conduct espionage or pre-position within networks for potentially disruptive reasons.

“Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected targeted intrusion activity against Indian organizations from Chinese state-sponsored groups. From mid-2020 onwards, Recorded Future’s midpoint collection revealed a steep rise in the use of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad command and control (C2) servers, to target a large swathe of India’s power sector. 10 distinct Indian power sector organizations, including 4 of the 5 Regional Load Despatch Centres (RLDC) responsible for operation of the power grid through balancing electricity supply and demand, have been identified as targets in a concerted campaign against India’s critical infrastructure. Other targets identified included 2 Indian seaports.

“Using a combination of proactive adversary infrastructure detections, domain analysis, and Recorded Future Network Traffic Analysis, we have determined that a subset of these AXIOMATICASYMPTOTE servers share some common infrastructure tactics, techniques, and procedures (TTPs) with several previously reported Chinese state-sponsored groups, including APT41 and Tonto Team.

“Despite some overlaps with previous groups, Insikt Group does not currently believe there is enough evidence to firmly attribute the activity in this particular campaign to an existing public group and therefore continue to track it as a closely related but distinct activity group, RedEcho.”

The full report is available to anyone who wishes to register with Recorded Future. It is a very detailed and well-documented report, but it is also full of technical jargon that is difficult for me to assess. The New York Times summarizes some of the findings in an article entitled “China Appears to Warn India: Push Too Hard and the Lights Could Go Out”. The Indian press was quick to blame China for the attack:

“Thousands of cyber attacks had been witnessed in a period of four to five days in June this year on the Information, Banking and Infrastructure sectors in the country.

“The Maharashtra Cyber department had said after thorough analysis and investigation it has been found that all these attacks generated from China and were targeted at some of the most crucial sectors.

“Special Inspector General of Police, Yashasvi Yadav, Maharashtra Cyber Intelligence Cell had then said, ‘We at the Maharashtra Cyber department have collated information that in the Indian cyberspace there has been a sudden surge since past four to five days where attacks have happened on major sectors from China. These sectors include Information, Infrastructure and Banking. There has been a minimum of 40300 probes or cyber attacks for which we have gathered information as of now.’

“He added, ‘These cyber-attacks or hacking attempts are happening from the Chengdu area of China. Chengdu is the capital of southwestern China’s Sichuan province. These can be divided into three categories which are Denial of service attacks.'”

Needless to say, the Chinese have denied that they were responsible for the attack: “The relevant allegations are pure rumors and slanders. Cyber attacks are highly complicated and sensitive, and their origin is difficult to trace. Speculation and fabrication have no role to play on the issue of cyber attacks. It is highly irresponsible to accuse a particular party when there is no evidence. China is firmly opposed to such irresponsible and ill-intentioned practice.”

It is unlikely that there will be a definitive determination of what actually happened in India. But there is no question that cyber attacks of this kind are something which states cannot ignore, and which raise the stakes in any possible future crisis. Cyber activity is now firmly established as an instrument of war and diplomacy. The Center for Strategic and International Studies has compiled a very long list of previous cyberwarfare activities, which can be accessed here.

Posted March 2, 2021 by vferraro1971 in World Politics
