Chinese hackers targeted India's oil and gas assets, Indian Railways, says Recorded Future

After ringing alarm bells over the Chinese cyber-attacks on India’s power infrastructure, US-based Recorded Future on March 4 said that other than 10 power sector assets including state-run NTPC and Power Sector Operation Corporation Ltd (POSOCO), two ports, oil and gas assets and the Indian Railways were also exposed to cyber-attacks by Chinese group RedEcho.

However, Recorded Future, a Massachusetts-based company that came out with the findings, said that there is no data to connect the Mumbai power outage with RedEcho but the group was live till February 28. Other than NTPC and POSOCO, the other power sector assets that were under attack included NTPC Kudgisuper thermal power plant, load despatch centres in Western, southern, northeastern and eastern regions, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, Delhi Transco Ltd substation at Mundka, V O Chidambaranar port in Tamil Nadu and Mumbai Port Trust.

Addressing a webinar, Christopher Ahlberg, co-founder and chief executive officer of Recorded Future, said, “We are tracking RedEcho since October 2020. Their targets include India’s oil and gas assets, electricity sector, maritime assets and critical rail infrastructure.”

After the report became public, the Ministry of Power came out with a statement saying that there was no impact on any of the functionalities carried out by POSOCO due to the referred threat and there was no data breach detected due to this incident. The ministry had received an email from the Indian Computer Emergency Response Team (CERT-In) in November 2020 about a threat by malware ‘ShadowPad’ at some control centres of POSOCO.