China unit targets Indian telcos, firms in cyber espionage | Latest News India - Hindustan Times

China unit targets Indian telcos, firms in cyber espionage

By, New Delhi
Jun 18, 2021 07:42 AM IST

In March 2021, the Indian Computer Emergency Response Team (Cert-IN) said it found signs of China-linked cyber actors conducting an espionage campaign against the Indian transportation sector.

A suspected unit of Chinese cyber soldiers targeted Indian telecom companies, government agencies and several defence contractors, a cyber threats intelligence company said on Thursday, disclosing what it said was technical evidence of these operations and links to a specific People’s Liberation Army (PLA) unit.

China and China-linked cyber operations have been seen as a persistent threat in India.(MINT_PRINT)

The findings were published by the United States-headquartered Recorded Future, which earlier this year reported evidence of sustained Chinese cyber operations targeting India’s critical infrastructure in the power and ports sectors. The unit exposed in March was called RedEcho, while the new group has been identified as RedFoxtrot.

“Recorded Future’s Insikt Group identified the suspected Chinese state-sponsored group we track as RedFoxtrot targeting multiple Indian organisations throughout 2020 and 2021.

“Within India specifically, we identified the group successfully targeting two telecommunications organisations, three defense contractors, and several additional government and private sector organisations in the past 6 months,” said a person from Recorded Future’s Insikt Group, the division that tracks advanced cyber threats.

A person in India’s cybersecurity establishment did not respond to requests for a comment on the report.

“Notably, this activity took place at a time of heightened tensions between India and China,” the Insikt representative added in a discussion over email with HT. The affected organisations have been notified.

In a separate blog post, Recorded Future said the findings were based on analysis of network traffic, the footprint of the malware used by the attackers, domain registration records and data transmitted from the possible targets.

While the campaign reported earlier this year appeared to be focussed on breaching critical infrastructure in India -- the targets purportedly included National Thermal Power Corporation (NTPC) plants -- the new campaign seems “more aligned with traditional PLA-linked activity in gathering military intelligence”.

“We believe RedFoxtrot conducts cyber espionage operations to gather intelligence on military and defense matters based on the consistent targeting of organisations within this field,” the person quoted above said, while explaining that targeting of telecommunications companies could include “strategic intelligence gathering through monitoring of downstream targets (telecommunications customers), bulk collection of communication data, as well as the ability to track and monitor individual targets”.

State-on-state cyber operations typically fall in two categories: sabotage and espionage, with the latter being more common – although both are equally hard to detect and attribute.

In March 2021, the Indian Computer Emergency Response Team (Cert-IN) said it found signs of China-linked cyber actors conducting an espionage campaign against the Indian transportation sector.

China and China-linked cyber operations have been seen as a persistent threat in India. “In relation to other ‘Big Four’ adversaries, China, and the PLA, is one of the world’s biggest cyber powers, both in terms of sophistication and the scale of operations. The recent US ODNI (Office of the Director of National Intelligence) annual threat assessment stated China is ‘a prolific and effective cyber-espionage threat, possesses substantial cyber-attack capabilities, and presents a growing influence threat’,” the Recorded Future representative said.

Recorded Future’s analysis found RedFoxtrot was linked to PLA unit 69010, and identified a location in Urumqi, Xinjiang, as the possible headquarters. “Due to lax operational security measures employed by a suspected RedFoxtrot operator, Insikt Group linked the threat group to the physical address of Unit 69010’s headquarters,” it said.

“RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organisations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. These targets suggest the group is likely interested in gathering intelligence on military technology and defence,” the report said.

  • ABOUT THE AUTHOR

    Binayak reports on information security, privacy and scientific research in health and environment with explanatory pieces. He also edits the news sections of the newspaper.
