Editorial—Cyber Attacks on the Rise


A Chinese hacking group called RedEcho is believed to have attacked Maharashtra’s electricity grid in March 2021, amidst an ongoing crisis in Ladakh. Hackers from North Korea penetrated the Kundankulam Nuclear Power Plant (KKNPP) in 2019 in a bid to test the cyber security of the plant and steal information about the reactor design.

In some ways, cyber war between India and China is already taking place – after India banned hundreds of Chinese mobile apps, limiting Chinese investments in the Indian economy and giving a bloody nose to the PLA on the LAC on 15 June 2020.

Extensive operations in the fifth domain of warfare, i.e., cyber space, have been a reality for decades, the other domains being land, sea, air, and space. The primary objective is cyber military superiority to provide freedom of action in, through, and from cyberspace to support mission objectives. The corollary is to deny freedom of action to adversaries.

Chinese Cyber Attacks

China has been leading a worldwide hacking and economic espionage campaign, using cyber attacks to steal intellectual property in disregard of bilateral and multilateral agreements.

China is one of the world’s pre-eminent players using cyber weapons. Used as methods of espionage, state-sponsored data breaches and server hacks pose a significant threat to global security. China was responsible for a worldwide rise in cyber crime of 600% during the Covid-19 pandemic. Even before the virus hit, China had overtaken Russia as the biggest state sponsor of cyber attacks against the West.

Some of the Chinese cyber attacks that have made digital history in the past include:

• Operation Aurora (Jan 2010) affected Internet Explorer, Google and Adobe.

• New York Times employees were attacked, in Jan 2013, after the paper published an investigation into how relatives of the then Chinese prime minister, Wen Jiabao, accrued several billion dollars through business dealings.

• The personnel files of more than 20 million people of the US Office of Personnel Management (OPM) were stolen from Nov 2013 to April 2015.

• Four Chinese military hackers were indicted in 2020 for stealing data of 147 million American customers of credit-reporting agency Equifax.

• The Vatican’s computer systems were attacked (100 cyber threats a month) by suspected state-sponsored Chinese hackers in July 2020.

• Two Chinese hackers were indicted, on 7 July 2020, for a bid to steal data from Moderna Inc, the vaccine manufacturer.

Indian Targets

In March 2013, DRDO’s computers were breached by Chinese hackers, who took files related to the Cabinet Committee on Security (CCS) to a server in Guangdong in China. The Indian defence ministry ordered a probe.

A China-linked hacker group, RedFoxtrot, from their intelligence Unit 69010, targeted India’s power sector, including conglomerate NTPC, in March 2021. RedFoxtrot’s predominant targets are sectors like government, defence, and telecommunications across Central Asia, India, and Pakistan.

Some Indian targets included Walchandnagar Industries engaged in India’s Nuclear and Space programmes, and defence manufacturer Alpha Design Technologies and Bharat Sanchar Nigam Limited (BSNL).

The Times Group (Feb, Aug 2021), Unique Identification Authority of India (UIDAI), and MP Police Department (June 2021) have been targeted by suspected Chinese state-sponsored threat activity group TAG-28, which used Winnti malware. In June 2021, APT41 was responsible for a cyber attack against Air India.

Russia-Ukraine War

Ukraine launched cyber attacks under Operation Groundbait in May 2016. The Surkov Leaks in Oct 2016 made public 2,337 e-mails and hundreds of attachments, with plans for seizing Crimea from Ukraine and fomenting separatist unrest in Donbas. The IT Army of Ukraine was established in Feb 2022 during the 2022 Russian invasion of Ukraine.

Anonymous, the hacker collective, has declared cyberwar on Russia. The group has claimed credit for hacking the Russian Ministry of Defence database, and is believed to have hacked multiple state TV channels to show pro-Ukraine content.

The group has claimed credit for several distributed denial of service attacks. Its targets in the past have included the CIA, the Church of Scientology and Islamic State.

Anonymous’ Russian targets included:

• Roskomnadzor, the Russian government agency in charge of controlling access to social media sites.

• Russian news channels Russia 24, Channel One, and Moscow 24.

• Kremlin’s official website, the Ministry of Defence database, over 300 Russian media, as well as banking websites.

• Hacktivists wanted to keep Russians connected to the rest of the world and alternative media by publishing their data in the hope of exposing the censorship that the Russian government was putting on its citizens.

Recent Initiatives

The creation of the Defence Cyber Agency in 2019, the Cyber Security Coordinator at the National Security Council (NSC), preparedness for offensive operations by the National Technical Research Organisation (NTRO), defensive measures by the National Critical Information Infrastructure Protection Centre (NCIIPC) and the release of India’s National Cyber Security Policy (NCSP) are steps in the right direction. As the roles and responsibilities of the armed forces, other government agencies and the private sector are articulated, the nation’s vulnerability to cyber attacks will decrease.

The vulnerabilities facing India’s Critical Infrastructure (CI) need to be addressed with greater urgency. Cyber attacks against India’s CI and Strategic Infrastructure (ST), such as nuclear power plants, are not new.

Defensive measures like having a cyber security framework, Cyber Security Awareness, Incident Response Tools, Vulnerability Assessment and Penetration Testing, Multi-Factor Authentication and so on are necessary, but offensive defence is the key. Along with space, India must prepare for “cross-domain” warfare to include cyberspace.