China Seems to Warn India: Push Too Hard and the Lights May Go Out
So far, evidence suggests that the SolarWinds hack, named for the company whose network management software was hijacked to insert the code, was primarily about information theft. But it also created the opportunity for far more destructive attacks – and among the companies that downloaded the Russian code were several American utility companies. They claim the incursions were managed and that their operations were not at risk.
Until the last few years, China’s focus has been on information theft. However, Beijing has become increasingly active in injecting code into infrastructure systems, knowing that the fear of an attack, if discovered, can be as powerful a tool as an attack itself.
In the Indian case, Recorded Future submitted its findings to the Indian Computer Emergency Response Team (CERT-In), a kind of investigative and early warning agency that most nations maintain to keep an eye on threats to critical infrastructure. The center has twice confirmed receipt of the information, but has said nothing about whether it too had found the code in the power grid.
Repeated inquiries from the New York Times to the center and several of its officials in the past two weeks have failed to produce any comment.
The Chinese government, which did not respond to questions about the code on the Indian grid, could argue that India started the cyberaggression. In India last February, a patchwork of government-backed hackers was caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan. A Chinese security company, 360 Security Technology, accused government-sponsored Indian hackers of sending phishing emails to hospitals and medical research organizations in an espionage campaign.
Four months later, as border tensions between the two countries increased, Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the attacks were so-called denial-of-service attacks that knocked these systems offline; others were phishing attacks, according to police in the Indian state of Maharashtra, home of Mumbai.
By December, security experts at Cyber Peace Foundation, an Indian nonprofit tracking hacking efforts, reported a new wave of Chinese attacks in which hackers sent phishing emails to Indians in connection with the Indian holidays in October and November. The researchers linked the attacks to domains registered in China’s Guangdong and Henan provinces with an organization called Fang Xiao Qing. The aim, according to the foundation, was to maintain a beachhead in Indians’ devices, possibly for future attacks.