Security News > 2022 > April > Chinese Hacker Groups Continue to Target Indian Power Grid Assets
China-linked adversaries have been attributed to an ongoing onslaught against Indian power grid organizations, one year after a concerted campaign targeting critical infrastructure in the country came to light.
Most of the intrusions involved a modular backdoor named ShadowPad, according to Recorded Future's Insikt Group, a sophisticated remote access trojan which has been dubbed a "Masterpiece of privately sold malware in Chinese espionage."
The 2021 RedEcho attacks involved the compromise of 10 distinct Indian power sector organizations, including six of the country's regional and state load despatch centres, two ports, a nation power plant, and a substation.
Recorded Future linked the latest set of malicious activities to an emerging threat cluster it's tracking under the moniker Threat Activity Group 38 aka TAG-38, citing "Notable distinctions" from that of the previously identified RedEcho TTPs. In addition to attacking power grid assets, TAG-38 impacted a national emergency response system and the Indian subsidiary of a multinational logistics company.
"The use of ShadowPad across Chinese activity groups continues to grow over time, with new clusters of activity regularly identified using the backdoor as well as continued adoption by previously tracked clusters," the researchers said, adding it's monitoring at least 10 distinct groups with access to the malware.
"Recently, Chinese cybersecurity companies released a series of reports, revealing that the U.S. government launched cyber attacks on many countries around the world, including China, seriously jeopardizing the security of critical infrastructure of these countries," China's Foreign Ministry spokesperson, Zhao Lijian, said.
News URL
https://thehackernews.com/2022/04/chinese-hacker-groups-continue-to.html
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)