So far, evidence suggests that the SolarWinds hack, named for the company whose network management software was hijacked to insert the code, was primarily about information theft. But it also created the opportunity for far more destructive attacks – and among the companies that downloaded the Russian code were several American utility companies. They say the intrusions were contained and that their operations were not at risk.
Until recently, China’s focus has been on information theft. However, Beijing is increasingly active in injecting code into infrastructure systems, knowing that fear of an attack, if discovered, can be as powerful a tool as an attack itself.
In the Indian case, Recorded Future forwarded its results to the Indian Computer Emergency Response Team (CERT-In), a kind of investigative and early warning agency that most nations maintain to keep an eye on threats to critical infrastructure. The center has twice confirmed receipt of the information, but said nothing about whether it too had found the code in the power grid.
Repeated efforts by the New York Times over the past two weeks to obtain comments from the center and several of its officials have yielded no response.
The Chinese government, which did not respond to questions about the code on the Indian grid, could argue that India started the cyberaggression. Last February, a patchwork of Indian government-backed hackers was caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan. A Chinese security company, 360 Security Technology, accused state-sponsored Indian hackers of sending phishing emails to hospitals and medical research organizations in an espionage campaign.
Four months later, as tensions between the two countries on the border increased, Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the attacks were so-called denial-of-service attacks that knocked these systems offline; others were phishing attacks, according to police in the Indian state of Maharashtra, home of Mumbai.
By December, security experts from Cyber Peace Foundation, an Indian nonprofit tracking hacking efforts, reported a new wave of Chinese attacks in which hackers sent phishing emails to Indians tied to the Indian holidays in October and November. The researchers linked the attacks to domains registered in China’s Guangdong and Henan provinces to an organization called Fang Xiao Qing. The goal, according to the foundation, was to secure a foothold in Indian equipment, possibly for future attacks.