Maritime Risk Intelligence Blog

Chinese hackers are still actively targeting Indian port in shadow war

Written by Dryad Global | March 5, 2021 at 12:03 PM

At least one connection opened by Chinese state-sponsored hackers into the network system of an Indian port is still active, even as authorities block attempts to penetrate the nation’s electrical sector, according to the US firm that alerted officials.

As of Tuesday, Recorded Future could see a ‘handshake’ -- indicating an exchange of traffic -- between a China-linked group and an Indian maritime port, said Stuart Solomon, the firm’s chief operating officer. Recorded Future calls the group RedEcho and says it had targeted as many as 10 entities under India’s power grid as well as two maritime ports when the company first notified India’s Computer Emergency Response Team on February 10. Most of these connections were still operational as recently as February 28, Solomon said.

“There’s still an active connection between the attacker and the attackee,” Solomon said, referring to the port. “It’s still happening.”

A spokesman for India’s ministry of electronics and information technology wasn’t immediately available for comment. “Without any proof, slandering a specific side is irresponsible behavior and an ill-intentioned one,” Chinese foreign ministry spokesman Wang Wenbin said in Beijing on Wednesday. 

The intrusions into India’s critical infrastructure have been occurring since at least the middle of last year, according to Recorded Future, a timeline that tracks back to the start of a bloody skirmish between Indian and Chinese soldiers at a border post in the Himalayas.

Since then, authorities across India’s federal and state governments have been bickering about whether a cyberattack was responsible for the October collapse of the power grid that supplies Mumbai, an outage that brought the financial hub to a halt for several hours, impacting stock markets, transport networks and thousands of households.

Source: Times of India