RedEcho

China’s RedEcho sent a clear signal to India that, while China may engage in fisticuffs along the line of control, they were willing to escalate the low-intensity conflict into the cyber domain targeting India’s infrastructure.

We talked with Recorded Future’s Insikt Group about the RedEcho activity to learn if neighboring nations, or those involved with the Chinese Belt and Road Initiative, were similarly engaged by RedEcho, and learned that the attacks have “been exclusively focused on Indian targets.” With the publication of the report on March 1, the Insikt Group noted that activity “gradually ceased and the last communication identified between the victim organizations and the RedEcho infrastructure was on March 2, 2021.”

The Insikt Group added that the RedEcho team “parked large amounts of their infrastructure, likely in response to the public reporting and incident response efforts.” They opined, “It remains to be seen how the group’s longer term M.O. will evolve following publication, but we believe it is likely that they will attempt to use other methods to attempt to maintain persistent access to the targeted organizations. This highlights the need for a full incident response effort for affected organizations to ensure the group does not maintain other means of network access.”

National Infrastructure

Cyberattacks against national infrastructure are neither unique nor new in a global context.

Dr. Christopher Ahlberg, CEO and co-founder, Recorded Future, tells us, “The impact of a cyberattack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organization and across a nation.”

Chris Blask, global director, applied innovation at Unisys, said, “The findings about RedEcho are another indication that the trend towards using cyber means against national infrastructure for political ends continues to follow its multi-decade curve.”

“Nation-states should continue to develop processes, such as seen in the NERC CIP series of regulations, for lessons,” Blask said. “The timing of NERC CIP 13 last October requiring supply chain strategies for critical electrical operators, the SolarWinds attack, and the Feb. 24, 2021 executive order from U.S. president Joe Biden creating a 100-day window for federal departments to develop supply chain security strategies can be seen as an indication of areas for those working on national defense systems to focus.”

The U.S. focus on supply chain security, especially in the context of national security interests, is further evidenced by two separate projects worthy of approbation: the Digital Bill of Materials (DBoM) architecture and the Software Bill of Materials (SBoM) initiative led by the Department of Commerce.

India and China’s Conflict Goes Cyber

India steps up vigil for cyber attacks from China after apps ban - The  Economic Times

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race