Pradeep Kumar

07/03/21 12:37 PM IST

Red echo over India

In news

A State Cyber Cell probe found 14 Trojan horses in the servers of the Maharashtra State Electricity Transmission Company. This malware had the potential to disrupt power distribution in the State.

How was it tracked?
  • Recorded Future did not look directly into the servers of India’s power system.
  • Instead, it found a large number of IP addresses linked to critical Indian systems communicating for months with AXIOMATICASYMPTOTE servers connected to Red Echo.
  • These servers were configured with domains spoofing those of Indian power-sector entities.

ShadowPad

  • ShadowPad is a backdoor Trojan malware, which means it opens a secret path from its target system to its command-and-control servers.
  • Information can be extracted or more malicious code delivered via this path.
  • ShadowPad is built to target supply-chain infrastructure in sectors such as transportation, telecommunications and energy.
  • It was first identified in 2017, when it was found hidden in legitimate software produced by a company named NetSarang.
  • Trojanised software, i.e. software with dangers hidden inside it, like the eponymous Trojan horse from Greek mythology, is the primary mode of delivery for ShadowPad.

ShadowPad’s linkage with Red Echo

  • Several techniques used in ShadowPad are also found in malware from Winnti group, “allegedly developed by Chinese-speaking actors”.
  • Security analysis firm FireEye links ShadowPad to a group known as ‘APT41’, which it says overlaps with the Winnti group. Microsoft has been tracking another group under the name ‘Barium’.
  • Recorded Future in its report notes large overlaps in the systems used by Red Echo and ‘APT41/Winnti/Barium’.
  • At least 3 of the [Red Echo] targeted Indian IP addresses were previously seen in a suspected APT41/Barium-linked campaign targeting the Indian Oil and Gas sectors in November 2020.

Red Echo’s targets

Recorded Future lists these as suspected targets: Power System Operation Corporation Limited, NTPC Limited, NTPC Kudgi STPP, Western Regional Load Despatch Centre, Southern Regional Load Despatch Centre, North Eastern Regional Load Despatch Centre, Eastern Regional Load Despatch Centre, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, DTL Tikri Kalan (Mundka), Delhi Transco Ltd (substation), V. O. Chidambaranar Port and Mumbai Port Trust.

Source: The Hindu
