Pradeep Kumar

07/03/21 12:37 PM IST

Red Echo over India

In news

A State Cyber Cell probe had found 14 Trojan horses in the servers of the Maharashtra State Electricity Transmission Company. This malware had the potential to disrupt power distribution in the State.

How was it tracked?
  • Recorded Future did not look directly into the servers of India’s power system.
  • Instead, it found a large number of IP addresses linked to critical Indian systems communicating for months with AXIOMATICASYMPTOTE servers connected to Red Echo.
  • Domains spoofing those of Indian power sector entities were configured to point to these servers.

ShadowPad

  • ShadowPad is a backdoor Trojan malware, which means it opens a secret path from its target system to its command-and-control servers.
  • Information can be extracted or more malicious code delivered via this path.
  • ShadowPad is built to target supply-chain infrastructure in sectors like transportation, telecommunication, energy and more.
  • It was first identified in 2017, when it was found hidden in legitimate software produced by a company named NetSarang.
  • Trojanised software, that is, software with dangers hidden in it like the eponymous Trojan horse from Greek mythology, is the primary mode of delivery for ShadowPad.

ShadowPad linkage with Red Echo

  • Several techniques used in ShadowPad are also found in malware from the Winnti group, “allegedly developed by Chinese-speaking actors”.
  • Security analysis firm FireEye links ShadowPad to a group known as ‘APT41’, which it says overlaps with the Winnti group. Microsoft has been tracking another group under the name ‘Barium’.
  • Recorded Future in its report notes large overlaps in the systems used by Red Echo and ‘APT41/Winnti/Barium’.
  • At least 3 of the [Red Echo] targeted Indian IP addresses were previously seen in a suspected APT41/Barium-linked campaign targeting the Indian Oil and Gas sectors in November 2020.

Red Echo’s targets

Recorded Future lists these as suspected targets: Power System Operation Corporation Limited, NTPC Limited, NTPC Kudgi STPP, Western Regional Load Despatch Centre, Southern Regional Load Despatch Centre, North Eastern Regional Load Despatch Centre, Eastern Regional Load Despatch Centre, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, DTL Tikri Kalan (Mundka), Delhi Transco Ltd (substation), V. O. Chidambaranar Port and Mumbai Port Trust.

Source: The Hindu
