Chinese Hacker Groups Continue to Target Indian Power Grid Assets

Business Fraud

One year ago, Chinese-linked adversaries carried out concentrated attacks on critical infrastructures within India.

One year on, and it appears that Chinese hackers have refocused their energies on Indian power grid organizations instead.

It’s been reported by cybersecurity company Recorded Future’s Insikt Group that most of the attacks have involved a modular backdoor named ShadowPad.

ShadowPad is a Trojan that has remote access and is said to be a “masterpiece of privately sold malware in Chinese espionage.”

Recorded Future’s Insikt Group has said they believe the goal of this wave of attacks, which appear to have been ongoing since September 2021, on the power grids is to gather intelligence relating to critical infrastructure systems in preparation for future contingency operations.

The Chinese-linked hackers unleashed their attack mainly in Northern India at seven State Load Despatch Centres (SDLCs). The belief being these are the targets since they are close to the disputed India-China border in Ladakh.

Currently, the RedEcho group is being held responsible. This group is one of several active Chinese government-sponsored cyber-espionage entities, although they have not yet claimed it to be their work.

Minister for Power R.K. Singh told reporters on Thursday, “We’ve already strengthened our defense system to counter such cyberattacks.”

This comes after at least two attempts by Chinese hackers were made on electricity distribution centers near Ladakh but were not successful. While the attempts haven’t been successful, R.K. Singh is yet to say whether the hackers identified had any links to the Chinese government.

On April 7, 2022, the Foreign Ministry Spokesperson for China, Zhao Lijian, made the following statement,

“We have reiterated many times that China firmly opposes and combats all forms of cyberattacks in accordance with the law. We will never encourage, support, or condone cyber attacks. Given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, it’s important to have complete and sufficient evidence when investigating and identifying cyber-related incidents.”

India’s investigations are ongoing as they continue to gather evidence and prevent further attacks.

How You Can Protect Yourself from Cyber Criminals Online

Individuals, companies, large organizations, and even governments fall victim to online cybercrime every day.

It’s estimated that an average of 2,244 cyberattacks are carried out each day, meaning that statistically speaking, no one can escape being targeted.

However, there are good security practices that everyone can and should follow to protect themselves from cybercriminals while online.

1. Use Strong Passwords

Using a password manager for all your online accounts will ensure that you have a strong and unique password. One million passwords are stolen every week, so this must be one aspect you always take seriously.

2. Check Your Device’s Permissions

Many apps and software claim that they won’t fully function unless specific permissions are granted.

However, this is usually misleading and is a way to force people to give apps and software access to their devices. Don’t grant permission unless necessary, and check your device’s settings to see which ones already have permission so you can withdraw it if you want.

3. Install a Free VPN for Chrome

Whatever device you use, you’ll be able to install a free VPN extension for Chrome. This free VPN for Chrome extension will enable you to browse the internet securely as it will hide your personal information and encrypt your data and files so they cannot be stolen. Some options even have security protection which helps identify security risks online for you.

To download a free VPN extension only takes a few moments but can save you an awful lot of stress and trouble in the future.

4. Avoid Storing Information in Public Spaces

Any public storing place such as Google Docs and Dropbox should always be avoided. Don’t use these spaces to save and store personal files, videos, pictures, account numbers, etc. Any online storage site can be hacked, and anything you have there could be used against you.

5. Set Social Media Accounts to Private

By default, social media accounts are open for everyone to view. You have to go into your settings and manually switch them to be private. Since you don’t want strangers or cybercriminals knowing personal information about you and your life, you must check that only authorized people can see what you’re posting.

In Conclusion

If a device is connected to the internet, it is possible to be hacked.  So, stay on top of your security measures, and you can surf online in peace.