Learn bits
Science & Tech., Defence & Security
Pradeep Kumar

07/03/21 12:37 PM IST

Red echo over India

In news

A State Cyber Cell probe found 14 Trojan horses on the servers of the Maharashtra State Electricity Transmission Company. This malware had the potential to disrupt power distribution in the State. Separately, the threat-intelligence firm Recorded Future reported that a China-linked group it tracks as Red Echo had been targeting Indian power-sector entities.

How was it tracked?
  • Recorded Future did not look directly into the servers of India's power system; it had no access to the victims' networks.
  • Instead, it observed a large number of IP addresses belonging to critical Indian systems communicating for months with servers in the AXIOMATICASYMPTOTE infrastructure cluster, which it links to Red Echo and to ShadowPad command-and-control.
  • Some of these servers were configured with domains spoofing those of Indian power-sector entities, which is how the operators disguised the traffic as legitimate.
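The detection logic this implies on the defender's side is a triage of outbound connection records against a watchlist of suspected C2 addresses, plus a check for names that mimic the organisation's own domains, with the duration of the contact tracked because the page notes the traffic ran for months. The script below is an added example written for this page; it is not Recorded Future's tooling, and its IP addresses, domains and log lines are constructed (the IPs come from the RFC 5737 documentation ranges, and the "legitimate" domains are assumed, not verified).

```python
"""Triage constructed proxy/NetFlow-style records for contact with watchlisted
C2 addresses and for TLS SNI / DNS names that mimic power-sector entities.

Added example for illustration. Indicators, hosts and log lines are constructed;
they are not Recorded Future's AXIOMATICASYMPTOTE indicators.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed watchlist of suspected C2 addresses (RFC 5737 TEST-NET ranges).
WATCHLIST_IPS = {"203.0.113.10", "198.51.100.77"}

# Assumed legitimate domains of the entities being impersonated (illustrative).
LEGIT_DOMAINS = ["posoco.in", "ntpc.co.in", "delhitransco.gov.in"]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse '<ISO timestamp> key=value ...' into a dict with a datetime 'ts'."""
    ts, _, rest = line.strip().partition(" ")
    rec = dict(KV_RE.findall(rest))
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def levenshtein(a, b):
    """Edit distance, used to catch near-miss spellings of a legitimate domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(domain):
    """Drop separators so 'delhitransco-gov.in' and 'delhitransco.gov.in' compare equal."""
    return re.sub(r"[^a-z0-9]", "", domain.lower())


def spoof_of(domain, legit_domains=LEGIT_DOMAINS, max_dist=2):
    """Return the legitimate domain that `domain` appears to mimic, else None.

    The genuine domain and its subdomains are legitimate traffic and return None.
    Two spoof patterns are checked: separator/typo variants (edit distance on the
    stemmed form) and the organisation name reused under another suffix
    (e.g. 'ntpc-in.com' for 'ntpc.co.in').
    """
    d = domain.lower().rstrip(".")
    for legit in legit_domains:
        if d == legit or d.endswith("." + legit):
            return None
    for legit in legit_domains:
        if levenshtein(stem(d), stem(legit)) <= max_dist:
            return legit
        org = legit.split(".")[0]
        if len(org) >= 4 and re.fullmatch(rf"(www\.)?{org}[-.]?[a-z]*\.[a-z.]+", d):
            return legit
    return None


def triage(lines, watchlist=WATCHLIST_IPS, legit_domains=LEGIT_DOMAINS, min_days=30):
    """Group records by internal source host and report, per host:
    the watchlisted addresses it contacted, the spoofed names it resolved or
    connected to, and how many days that contact spanned (persistent if >= min_days).
    """
    per_src = defaultdict(lambda: {"c2_ips": set(), "spoofed": {}, "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        f = per_src[rec.get("src", "?")]
        hit = False
        if rec.get("dst") in watchlist:
            f["c2_ips"].add(rec["dst"])
            hit = True
        name = rec.get("sni") or rec.get("qname")
        if name:
            target = spoof_of(name, legit_domains)
            if target:
                f["spoofed"][name] = target
                hit = True
        if hit:
            f["first"] = rec["ts"] if f["first"] is None else min(f["first"], rec["ts"])
            f["last"] = rec["ts"] if f["last"] is None else max(f["last"], rec["ts"])
    report = {}
    for src, f in per_src.items():
        if f["first"] is None:
            continue
        span = (f["last"] - f["first"]).days
        report[src] = {
            "c2_ips": sorted(f["c2_ips"]),
            "spoofed": dict(f["spoofed"]),
            "span_days": span,
            "persistent": span >= min_days,
        }
    return report


# Constructed sample records: one host beaconing for months, one host with a
# single look-alike-domain contact, one host with only legitimate traffic.
SAMPLE_LOG = """\
2020-11-03T02:14:09Z src=10.20.5.14 dst=203.0.113.10 dport=443 sni=posoco-in.com
2020-11-03T02:15:11Z src=10.20.5.14 dst=198.51.100.77 dport=443 sni=ntpc-in.com
2020-12-19T22:41:50Z src=10.20.5.14 dst=203.0.113.10 dport=443 sni=posoco-in.com
2021-02-10T03:12:44Z src=10.20.5.14 dst=203.0.113.10 dport=443 sni=posoco-in.com
2021-02-10T09:00:02Z src=10.20.7.31 dst=192.0.2.55 dport=443 sni=www.posoco.in
2021-02-11T10:30:19Z src=10.20.7.31 dst=192.0.2.56 dport=443 sni=mail.example.net
2021-02-11T10:31:00Z src=10.20.9.8 dst=192.0.2.57 dport=443 sni=delhitransco-gov.in
""".splitlines()

if __name__ == "__main__":
    for src, finding in triage(SAMPLE_LOG).items():
        print(src, finding)
```

On the sample, the first host is reported with both watchlisted addresses, two spoofed names and a 99-day span (persistent), the third host is reported only for the look-alike name, and the second host is not reported at all because `www.posoco.in` is a genuine subdomain. In practice the watchlist would be loaded from a vendor feed and the legitimate-domain list from the organisation's own inventory; the look-alike check is a heuristic and its hits are leads for analysts, not verdicts.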

Shadow Pad

  • ShadowPad is a backdoor Trojan: once installed it opens a covert channel from the compromised system to the attackers' command-and-control servers.
  • Over this channel the attackers can extract information or deliver further malicious code.
  • ShadowPad has been deployed through supply-chain compromises against organisations in sectors such as transportation, telecommunications and energy.
  • It was first identified in 2017, when it was found hidden inside legitimate software produced by a company named NetSarang.
  • Trojanised software, that is software carrying hidden malicious functionality, like the eponymous Trojan horse of Greek mythology, is the primary delivery mechanism for ShadowPad.
ShadowPad's linkage with Red Echo
  • Several techniques used in ShadowPad are also found in malware from the Winnti group, "allegedly developed by Chinese-speaking actors".
  • Security analysis firm FireEye links ShadowPad to a group known as 'APT41', which it says overlaps with the Winnti group. Microsoft tracks a related group under the name 'Barium'.
  • Recorded Future in its report notes large overlaps between the infrastructure used by Red Echo and that of 'APT41/Winnti/Barium'.
  • The report also observes that "at least 3 of the [Red Echo] targeted Indian IP addresses were previously seen in a suspected APT41/Barium-linked campaign targeting the Indian Oil and Gas sectors in November 2020."

Red Echo’s targets

Recorded Future lists these as suspected targets: Power System Operation Corporation Limited, NTPC Limited, NTPC Kudgi STPP, Western Regional Load Despatch Centre, Southern Regional Load Despatch Centre, North Eastern Regional Load Despatch Centre, Eastern Regional Load Despatch Centre, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, DTL Tikri Kalan (Mundka), Delhi Transco Ltd (substation), V. O. Chidambaranar Port and Mumbai Port Trust.

Source: The Hindu
