Author : Sameer Patil

Expert Speak Raisina Debates
Published on Apr 18, 2022
Adequate measures need to be adopted to strengthen India’s cyber defence as it has become increasingly susceptible to Chinese cyber attacks
Expanding Chinese cyber-espionage threat against India

On 6 April 2022, American cybersecurity firm Recorded Future revealed that Chinese state-sponsored hackers had targeted India’s power grids in Ladakh. A part of China’s cyber espionage campaign, the sustained targeting of the power grids was possibly aimed at collecting information on India’s critical infrastructure<1> or preparing for its sabotage in the future. What technical information the hackers collected through this breach remains unknown. However, this targeting of the power grids fits the broader pattern of China’s systematic pursuit of offensive cyber operations against India for more than a decade. India is not alone. Several countries, including the Netherlands, United Kingdom, Australia, and the United States, and businesses like Vodafone and Microsoft have revealed China’s unabated campaign to steal trade and other sensitive data.

China’s cyber espionage against its adversaries

The US Cybersecurity and Infrastructure Security Agency, for instance, in its overview of China’s cyber activities, has noted that Beijing conducts extensive hacking operations globally, targeting the health and telecom sectors, critical infrastructure providers, and enterprise software providers, and stealing intellectual property and confidential information. These targets provide valuable leads for subsequent “intelligence collection, attack, or influence operations”. The biggest and most recent such hack for cyber-espionage purposes was the breach of the Microsoft Exchange Server by the Hafnium state-sponsored hacking group in March 2021. The group exploited Microsoft’s email software vulnerabilities to target US government departments, defence contractors, policy think tanks, and infectious disease researchers, amongst others.

Beyond cyber attacks, China has even used overseas business contracts and activities to pursue its cyber-espionage campaign. A crucial part of this campaign is the telecom network and fibre optic communications infrastructure provided by Chinese companies like China Telecom, Huawei, and ZTE. The litany of spying instances involving Chinese companies, mostly Huawei, as listed in Table 1, establishes this trend. No wonder, for a long time, policymakers in the United States had been warning about Chinese firms such as Huawei and ZTE and recommending their exclusion from any critical communication backbone.

Table 1: Select recent incidents of Chinese cyber-espionage worldwide (Source: Compiled by authors)

China uses cyber espionage to fulfil several objectives. According to the latest US intelligence community assessment, these cyber-espionage operations often target those sectors which provide potentially rich “follow-on opportunities for intelligence collection, attack, or influence operations.” China uses information ferreted from these sources i) to boost its domestic manufacturing capabilities, and ii) to produce lower-cost imitations of popular western brands/products and, thereby, attain a competitive advantage. The example of China’s theft of the US’ F-35 stealth fighter aircraft data is well-documented. But there are many other cases where China has sought competitive intelligence on the foreign business rivals of Chinese companies in multiple sectors, including defence, technology, oil and energy, automobile, and telecommunications.

Target India

While India has so far not proved such an attractive target for China’s commercial cyber espionage, things may be changing. In March 2021, a Singapore-based company, CyFirma, revealed that a Chinese state-backed hackers’ group had targeted the information technology systems of two Indian vaccine makers—Bharat Biotech and the Serum Institute of India (SII). These companies’ vaccines have been the most critical element of India’s national vaccination programme and vaccine diplomacy. Chinese hackers’ targeting of SII is significant when examining the reach of its vaccine, Oxford-AstraZeneca/Covishield, which is being used in 183 countries, as against roughly half that reach for China’s flagship Sinopharm vaccine (used in 90 countries). Prime Minister Narendra Modi’s description of India as the “pharmacy of the world” vividly brings out the country’s comparative advantage over China. Therefore, Chinese hackers may be trying to bridge that gap by targeting the vaccine makers to steal commercially valuable data.
Therefore, we can expect China to broaden its range of targets for commercial cyber-espionage reasons to include sectors like services where India has a comparative advantage. Another potential target includes India’s start-up innovation ecosystem, where India has barred Chinese investments. But beyond commercial considerations, China’s cyber-espionage campaigns also demonstrate its coercive tactics. The targeting of the power grids in Ladakh in the middle of the prolonged border stand-off is clearly aimed at sending a political message and signalling that Beijing can open other non-military fronts in the bilateral security competition. Pertinently, this is the second such attack on India’s power sector by Chinese hackers. In October 2020, in one of the worst power outages, large parts of Mumbai witnessed a widespread blackout, which affected suburban train services and hospitals. Months later, Recorded Future noted that a China-linked hacker group, “RedEcho,” had breached the Indian power sector, which may have caused Mumbai’s power outage—a charge refuted by a Maharashtra government’s technical audit committee examining the incident. But Recorded Future added that besides the power sector, Chinese hackers also targeted two Indian ports and some parts of the railway infrastructure. Coming in the wake of the violent Galwan Valley clash between the Indian and Chinese militaries in June 2020, this targeting of India’s critical infrastructure suggested a combination of intimidation and retribution.
Moreover, the extent of Chinese persistence in targeting India is shown by the Advanced Persistent Threat 30 (APT30) vector. This threat actor’s espionage operation ran for a decade before its discovery in 2015. It harvested information from the Indian computer networks on geopolitical issues relevant to the Chinese Communist Party, such as the India–China border dispute, Indian naval activity in the South China Sea, and India’s relations with its South Asian neighbours.

Conclusion

In responding to this widening Chinese cyber-espionage activity, India is hardening its cyber defences and undertaking its own offensive cyber operations. But it needs to do more. For one, it needs to start outlining technical evidence to attribute these attacks to Chinese state-sponsored hackers—something which the national security establishment has resisted, even as the technical community in India and abroad has presented that evidence. New Delhi also needs a dedicated mechanism to monitor these offensive operations. While respective intelligence and security agencies do trace foreign spying campaigns against India, this kind of cyber activity is often treated as a cyber breach or incident, focusing on the target and activity, but without linking it to the broader Chinese cyber-espionage campaign, the involvement of state-sponsored hacking groups and the trends in their targeting of Indian computer networks. Perhaps the Defence Cyber Agency can take the initiative to collaborate with the civilian technical community to track these operations. This will send a definite message that Beijing’s mischief is not going unnoticed and is being systematically tracked as part of India’s comprehensive cyber posture.
<1> Critical infrastructure is that infrastructure or essential service which is required to be functional at all times, 24x7. This includes telecom networks, air traffic control, traffic signals, nuclear reactors, power plants, pipelines.
The views expressed above belong to the author(s).


Dr Sameer Patil is Senior Fellow, Centre for Security, Strategy and Technology and Deputy Director, ORF Mumbai. His work focuses on the intersection of technology ...
