So far, the evidence suggests that the SolarWinds hack, named for the company that made network-management software that was hijacked to insert the code, was chiefly about stealing information. But it also created the capability for far more destructive attacks — and among the companies that downloaded the Russian code were several American utilities. They maintain that the incursions were managed, and that there was no risk to their operations.
Until recent years, China’s focus had been on information theft. But Beijing has been increasingly active in placing code into infrastructure systems, knowing that when it is discovered, the fear of an attack can be as powerful a tool as an attack itself.
In the Indian case, Recorded Future sent its findings to India’s Computer Emergency Response Team, or CERT-In, a kind of investigative and early-warning agency most nations maintain to keep track of threats to critical infrastructure. Twice the center has acknowledged receipt of the information, but said nothing about whether it, too, found the code in the electric grid.
Repeated efforts by The New York Times to seek comment from the center and several of its officials over the past two weeks yielded no response.
The Chinese government, which did not respond to questions about the code in the Indian grid, could argue that India started the cyberaggression. In India, a patchwork of state-backed hackers was caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan last February. A Chinese security company, 360 Security Technology, accused state-backed Indian hackers of targeting hospitals and medical research organizations with phishing emails in an espionage campaign.
Four months later, as tensions rose between the two countries on the border, Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the incursions were so-called denial-of-service attacks that knocked these systems offline; others were phishing attacks, according to the police in the Indian state of Maharashtra, home to Mumbai.
By December, security experts at the Cyber Peace Foundation, an Indian nonprofit that follows hacking efforts, reported a new wave of Chinese attacks, in which hackers sent phishing emails to Indians related to the Indian holidays in October and November. Researchers tied the attacks to domains registered in China’s Guangdong and Henan Provinces, to an organization called Fang Xiao Qing. The aim, the foundation said, was to obtain a beachhead in Indians’ devices, possibly for future attacks.