So far, evidence indicates that the SolarWinds hack, named after the company whose network management software was compromised to insert the code, was primarily about information theft. But it also created the ability to launch more destructive attacks – and among the companies that downloaded the Russian code were several American utilities. They insist that the incursions were managed and that there was no risk to their operations.
Until recent years, China’s focus was on information theft. But Beijing has been increasingly active in putting code into infrastructure systems, knowing that once the code is discovered, fear of an attack can be as powerful a tool as the attack itself.
In the Indian case, Recorded Future sent its findings to India’s Computer Emergency Response Team, or CERT-In, a type of investigative and early-warning agency that most countries maintain to track threats to critical infrastructure. The center twice acknowledged receiving the information, but said nothing about whether it had also found the code in the electrical network.
Repeated inquiries by The New York Times to the center and several of its officials over the past two weeks have resulted in no comment.
The Chinese government, which did not respond to questions about the code in the Indian network, could argue that India initiated the cyber aggression. In India, a group of state-backed hackers was caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan last February. A Chinese security company, 360 Security Technology, has accused state-backed Indian hackers of targeting hospitals and medical research institutions with phishing emails in a spying campaign.
Four months later, as border tensions between the two countries escalated, Chinese hackers launched a barrage of 40,300 hacking attempts on India’s technological and banking infrastructure in just five days. Some of the incursions were so-called denial-of-service attacks that knocked these systems offline; police in Mumbai, in India’s Maharashtra state, said others were phishing attacks.
By December, security experts at the Cyber Peace Foundation, an Indian non-profit that tracks hacking efforts, reported a new wave of Chinese attacks, in which hackers sent Indians phishing emails themed around Indian holidays in October and November. Researchers linked the attacks to domains registered in China’s Guangdong and Henan provinces, to an organization called Fang Xiaoqing. The foundation said the goal was to gain a foothold in Indians’ devices, possibly to launch attacks in the future.