Why a Chinese state-backed hacker company targeted Indian vaccine makers

Amid degrading relations between India and China last year, evidence emerged in September of an attempt by a company linked to the Chinese government to monitor the digital footprint of thousands of Indian citizens. In November, the government was informed of a malware threat in segments of its power infrastructure – malware that was linked to a Chinese state-backed company last month. Today, a cyber intelligence firm claims that another Chinese government-linked hacking group has targeted the manufacturers of the two vaccines currently in use in India’s Covid-19 vaccination program.


A look at the various surveillance and hacking attempts, and their implications:

Zhenhua and its targets

The Indian Express previously reported in a series of articles that a Shenzhen-based technology company, Zhenhua Data Information Technology Co, with ties to the Chinese government and the Chinese Communist Party, was monitoring more than 10,000 Indian individuals and organisations as part of the company’s global “foreign targets” database. Its modus operandi is to collect information about the targeted people from the web and social media platforms, and to track research papers, articles, patents and recruitment positions.

The company also monitors each person’s digital footprint on social media platforms and maintains an “information library”. The people monitored in this database included not only influential political and industrial figures, but also bureaucrats in key positions, judges, scientists and academics, journalists, actors, sportspersons, religious figures, activists, and even hundreds of people accused of financial crime, corruption, terrorism and smuggling.

Zhenhua’s collection of this data does not violate any rules under the Information Technology Act 2000, as almost all of it is available in the public domain. However, Zhenhua’s round-the-clock watch raised red flags with cybersecurity experts, who observed that the information collected could be pieced together for tactical manoeuvres targeting the people under surveillance or their institutions.

Red Echo and ShadowPad

On February 28, Massachusetts-based cybersecurity firm Recorded Future released a report saying it had observed a “sharp increase” in the use of resources such as malware by a Chinese group called Red Echo to target “a large part” of the Indian electricity sector.

It said 10 separate Indian power sector organisations were being targeted, including four Regional Load Dispatch Centres (RLDCs), which are responsible for keeping the country’s power grid running smoothly by balancing the supply and demand of electricity. Recorded Future said the group is also targeting two Indian seaports.

Red Echo used malware called ShadowPad, which plants a backdoor to gain access to servers. The Power Ministry confirmed these attempts on Monday, saying it had been informed in November 2020 of the ShadowPad malware “in certain control centres” of Power System Operation Corporation Ltd (POSOCO), the government company responsible for facilitating the transfer of electricity via load dispatch centres.

The ministry said it was made aware of Red Echo’s attempts to target load dispatch centres across the country in February. It said that “no data breach / data loss” had been detected as a result of the incidents and that none of POSOCO’s functions had been affected. The government said it had taken action against the threats observed.

While there had been speculation earlier that Red Echo may have been behind the October 12 power outage in Mumbai, Union Power Minister RK Singh on Tuesday denied that the outage in the city was the result of a cyberattack, attributing it instead to human error.


Stone Panda and vaccines

On Monday, Cyfirma, a cyber intelligence firm backed by Goldman Sachs, said that a Chinese hacker group known as Stone Panda had “identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII),” according to a Reuters report. These companies developed Covaxin and Covishield, which are currently used in the national vaccination campaign. They are also testing other Covid-19 vaccines that could add value to efforts around the world.

Some Indian companies involved in the development of Covid-19 vaccines told The Indian Express they had noticed an almost 100-fold increase in attempted cyberattacks by foreign entities from countries like China and Russia in the last six months.

Possible reasons

There are several possible reasons for all of this. One of the major factors is the border clash between the two countries in June 2020.

“As bilateral tensions continue to increase, we expect to see a continued increase in cyber operations by China-related groups such as RedEcho, in line with national strategic interests,” Recorded Future said.

Other cybersecurity experts agree.

“This is clearly something that ties into China’s geopolitical interests,” said Raman Jit Singh Chima, director of Asia-Pacific policy and head of global cybersecurity at Access Now. “It is very clear that the use of cyber offensive and espionage tools is a fairly active part of what the People’s Republic of China seems to be embracing and encouraging. Even when they are not directly in charge of an offensive operation, they seem to constantly encourage actors to develop this capacity.”

However, as the “China Watching” series in The Indian Express reports, these attempts could also be part of a long-term strategy.

“It could also be an attempt to test and lay the groundwork for new operations in the future,” Chima said. “You also have to remember that sometimes these offensive operations are carried out to distract people from other places they might target or other activities that might occur.”

There has been an increase in offensive cyber operations and incidents around the world in the second half of 2020, particularly in healthcare and vaccines, with incidents often attributed to actors linked to the Chinese and Russian governments, according to Chima.

When vaccine manufacturers are targeted, the motive could be competition. The motivation behind Stone Panda’s attack on the computer systems of SII and Bharat Biotech was to extract intellectual property from the companies and gain a “competitive advantage over Indian pharmaceutical companies,” according to Reuters. SII and Bharat Biotech have secured global orders for their vaccines.

Lack of information

India has not voluntarily made public information about these attempts. According to Chima, this lack of information could leave other companies and government agencies in the dark about their own vulnerability to such attacks.

“The problem is, you need more data to be able to understand what’s going on, including specific data on what happened in India,” Chima said.

He said there was also little clarity on the government’s chain of command when it comes to cybersecurity issues, as different agencies deal with the subject. This makes it difficult to know whom to turn to in the event of such cyber threats.

“Because this information is not available, and it is not readily available except to people who work closely with the government, it has an impact on cybersecurity in India as a whole,” Chima said.