A new tactic for Chinese cyber actors: threatening critical infrastructure

The Rashtrapati Bhawan – the official home of India’s president – is illuminated at night. (Malhotraaman, CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0, via Wikimedia Commons)

A newly discovered threat group that researchers have attributed to the Chinese government is breaching the power infrastructure in India, amid tensions along the two countries’ borders. Researchers say it’s the first time a China-linked cyber actor has emerged as a significant threat against another nation’s critical infrastructure.

Recorded Future’s Insikt research team, which discovered the hackers, dubbed the group RedEcho, and has traced their hacking efforts against Indian energy assets back to mid-2020, around the same time that a squabble between China and India over the Himalayan border began to escalate. In June, India logged the first combat deaths between the two countries this century.

The choice of targets suggests RedEcho may be more interested in offensively positioning China for future conflict than in engaging in the peacetime intellectual property theft that Chinese hackers are typically known for, said Jon Condra, Recorded Future’s head of nation-state research, via email.

“The targeting of India’s regional and state load dispatch centers, a power substation, and a coal-fired thermal power plant likely offers the attackers little in the way of economic espionage opportunities, but poses significant concerns of potential prepositioning of network access to support Chinese strategic objectives,” he said.

According to the Recorded Future report, more likely explanations include preparing for a kinetic attack, creating fodder for an information campaign, or signaling to the Indian government that it needs to back off.

Condra added: “Outside of traditional espionage, the targeting of the energy sector, and critic ..