Learn bits
Science & Tech., Defence & Security
Pradeep Kumar

07/03/21 12:37 PM IST

Red Echo over India

In news

A State Cyber Cell probe had found 14 Trojan horses on the servers of the Maharashtra State Electricity Transmission Company. This malware had the potential to disrupt power distribution in the State.

How was it tracked?
  • Recorded Future did not look directly into the servers of India’s power system.
  • Instead, it found a large number of IP addresses linked to critical Indian systems communicating for months with AXIOMATICASYMPTOTE servers, the command-and-control infrastructure it connects to Red Echo.
  • Those servers were configured with domains spoofing those of Indian power sector entities.
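
The correlation Recorded Future describes, internal hosts talking for months to suspect infrastructure fronted by lookalike domains, is a hunt a defender can run over their own proxy or NetFlow logs. The Python below is an added example for this page, not Recorded Future’s tooling or code from the original article; the IP addresses (RFC 5737 test ranges), the domains (.example) and the log lines are constructed for illustration and are not real indicators. It flags destinations on a hypothetical watch-list, detects domains that imitate a legitimate power-sector domain (an embedded organisation name or a small edit distance from it), and marks a source/destination pair as sustained when contact spans at least 30 days.

```python
"""Hunt network logs for sustained contact with suspect infrastructure and
for domains that spoof legitimate organisations. Added example; all IPs,
domains and log lines are constructed and are not real indicators."""

from collections import defaultdict
from datetime import datetime

# Hypothetical watch-list of C2 server IPs (stand-ins for the
# AXIOMATICASYMPTOTE-style servers described in the article).
SUSPECT_C2_IPS = {"203.0.113.10", "203.0.113.11"}

# Hypothetical legitimate power-sector domains an attacker might imitate.
LEGIT_DOMAINS = ["gridops.example", "loaddespatch.example"]

# Constructed proxy/flow log, one event per line:
# "<ISO timestamp> <internal src IP> <dst IP> <dst domain or TLS SNI>"
SAMPLE_LOG = """\
2020-11-02T03:14:00 10.20.0.5 203.0.113.10 gridops-portal.example
2020-12-14T03:14:30 10.20.0.5 203.0.113.10 gridops-portal.example
2021-01-20T03:14:05 10.20.0.5 203.0.113.10 gridops-portal.example
2021-02-17T03:15:55 10.20.0.5 203.0.113.10 gridops-portal.example
2021-02-17T09:00:00 10.20.0.7 203.0.113.11 loaddespatch.example.net
2021-02-18T09:31:00 10.20.0.9 198.51.100.4 cdn.example
"""

def levenshtein(a, b):
    """Edit distance between two strings (for typosquat detection)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_label(domain):
    """Second-level label of a domain ('gridops' for 'gridops.example').
    Simplification: a real tool would consult the public suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def is_lookalike(domain):
    """Return the legitimate domain that `domain` imitates, or None.
    Genuine domains and their subdomains are never lookalikes. Otherwise a
    domain is a lookalike if any label embeds a legitimate organisation's
    label, or if its second-level label is within edit distance 2 of one."""
    d = domain.lower().rstrip(".")
    if any(d == legit or d.endswith("." + legit) for legit in LEGIT_DOMAINS):
        return None
    labels = d.split(".")
    for legit in LEGIT_DOMAINS:
        key = registrable_label(legit)
        embedded = any(key in label for label in labels)
        # Only apply edit distance to reasonably long organisation labels,
        # so short generic words do not match every short name.
        typo = len(key) >= 5 and levenshtein(registrable_label(d), key) <= 2
        if embedded or typo:
            return legit
    return None

def parse_log(text):
    """Parse the space-separated log into (timestamp, src, dst, domain)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, domain = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, domain))
    return flows

def find_suspect_contacts(flows, min_span_days=30, min_events=3):
    """Group events by (src, dst, domain); report pairs that reach a
    watch-listed IP or a lookalike domain. `sustained` marks the months-long
    pattern the article describes. Thresholds are assumptions, not published values."""
    by_pair = defaultdict(list)
    for ts, src, dst, domain in flows:
        by_pair[(src, dst, domain)].append(ts)
    findings = []
    for (src, dst, domain), times in by_pair.items():
        reasons = []
        if dst in SUSPECT_C2_IPS:
            reasons.append("watch-listed C2 IP")
        imitated = is_lookalike(domain)
        if imitated:
            reasons.append(f"lookalike of {imitated}")
        if not reasons:
            continue
        span_days = (max(times) - min(times)).days
        findings.append({
            "src": src, "dst": dst, "domain": domain,
            "events": len(times), "span_days": span_days,
            "sustained": span_days >= min_span_days and len(times) >= min_events,
            "reasons": reasons,
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspect_contacts(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the constructed log the host 10.20.0.5 is reported as a sustained contact (four events over 107 days to a watch-listed IP behind a domain imitating gridops.example), while 10.20.0.7 is reported but not sustained after a single event. The 30-day and three-event thresholds, the watch-list and the legitimate-domain list are all assumptions for the example; in practice the watch-list would come from a threat-intelligence feed and the lookalike check would use the public suffix list rather than the second-level label shortcut used here.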

ShadowPad

  • ShadowPad is a backdoor Trojan, meaning it opens a covert channel from the compromised system to its command-and-control servers.
  • Over this channel, information can be extracted from the target or further malicious code delivered to it.
  • ShadowPad is delivered through compromised software supply chains and has been used against sectors such as transportation, telecommunications and energy.
  • It was first identified in 2017, when it was found hidden in legitimate software produced by a company named NetSarang.
  • Trojanised software, that is, software with malicious functionality hidden inside it, like the eponymous Trojan horse of Greek mythology, is the primary mode of delivery for ShadowPad.

ShadowPad linkage with Red Echo

  • Several techniques used in ShadowPad are also found in malware from the Winnti group, “allegedly developed by Chinese-speaking actors”.
  • Security firm FireEye links ShadowPad to a group it tracks as ‘APT41’, which it says overlaps with the Winnti group; Microsoft tracks a related group under the name ‘Barium’.
  • Recorded Future’s report notes large overlaps between the infrastructure used by Red Echo and that of ‘APT41/Winnti/Barium’.
  • At least three of the Indian IP addresses targeted by Red Echo were previously seen in a suspected APT41/Barium-linked campaign targeting the Indian oil and gas sector in November 2020.

Red Echo’s targets

Recorded Future lists these as suspected targets: Power System Operation Corporation Limited, NTPC Limited, NTPC Kudgi STPP, Western Regional Load Despatch Centre, Southern Regional Load Despatch Centre, North Eastern Regional Load Despatch Centre, Eastern Regional Load Despatch Centre, Telangana State Load Despatch Centre, Delhi State Load Despatch Centre, DTL Tikri Kalan (Mundka), Delhi Transco Ltd (substation), V. O. Chidambaranar Port and Mumbai Port Trust.

Source: The Hindu
