US firm: Indian ports are being targeted by Chinese hackers
According to the US firm, one connection opened by Chinese state-sponsored hackers into the network system of the Indian port is still active. This is happening even after the authorities have blocked attempts on the South Asian nation's electrical sector.
Stuart Solomon, the firm’s chief operating officer, said that Recorded Future could witness an exchange of traffic between China and Indian maritime.
RedEcho had targeted 10 entities under India's power grid and two maritime ports, says Recorded Future.
“There’s still an active connection between the attacker and the attackee,” Solomon said, referring to the port. “It’s still happening.”
“Without any proof, slandering a specific side is irresponsible behavior and an ill-intentioned one,” Chinese Foreign Ministry spokesman Wang Wenbin said in Beijing on Wednesday.
Recorded Future, a privately held cybersecurity firm based near Boston that tracks malicious activity by nation-state actors, hasn’t made any connection or assertion between the traffic observed under RedEcho and the Mumbai outage. But, Solomon said, “it’s not unusual to see this type of technique used by nation states as an instrument of national power.”
“This could be as simple as trying to drive influence operations to be able to signal either to the people or the government that at any given time they have leverage that can be used against them,” he added.
Indian federal officials said that malware was found, but they have denied any cyberattack.
On February 12, the National Critical Information Infrastructure Protection Centre informed the central Power System Operation Corp. about the threat from RedEcho, the Power Ministry said in a statement Tuesday.
The control functions were shut down by the dispatch centre. They changed user credentials and isolated vulnerable equipment.
On Wednesday, the findings of investigators from Maharashtra state will be presented.
On Monday, Anil Deshmukh, Maharashtra state's home minister, said that 8 gigabytes of unaccounted foreign data could have been transferred to the main electricity board.
He added that blacklisted IP addresses had tried to log in to the board’s servers. He didn’t attribute the attack to any country or entity.