China seems to alert India: push too hard and the lights could go out

So far, the evidence suggests that the SolarWinds hack, named after the company that made the network management software that was hijacked to insert the code, was primarily for stealing information. But it also created the capacity for much more destructive attacks – and among the companies that downloaded the Russian code were several American utilities. They maintain that the raids were managed and that there was no risk to their operations.

Until recent years, China’s focus has been on information theft. But Beijing has shown itself to be increasingly active in putting code into infrastructure systems, knowing that, when discovered, fear of an attack can be as powerful a tool as the attack itself.

In the Indian case, Recorded Future sent its findings to the Computer Emergency Response Team, or CERT-In, a sort of investigative and early warning agency that most nations maintain to keep up with threats to critical infrastructure. Twice, the center acknowledged receiving the information, but said nothing about whether it also found the code on the power grid.

Repeated efforts by The New York Times over the past two weeks to obtain comment from the center and several of its employees went unanswered.

The Chinese government, which did not answer questions about the Indian network code, can argue that India has initiated cyber-aggression. In India, a patchwork of state-backed hackers was caught using coronavirus phishing emails to target Chinese organizations in Wuhan last February. A Chinese security company, 360 Security Technology, accused state-backed Indian hackers of attacking hospitals and medical research organizations with phishing emails in a spying campaign.

Four months later, as tensions rose between the two countries on the border, Chinese hackers unleashed a swarm of 40,300 attempts to break into India’s banking technology and infrastructure in just five days. Some of the forays were so-called denial-of-service attacks, which took these systems offline; others were phishing attacks, according to police in the Indian state of Maharashtra, home to Mumbai.

In December, security experts at the Cyber Peace Foundation, an Indian non-profit organization that follows hacking efforts, reported a new wave of Chinese attacks, in which hackers sent Indians phishing emails related to Indian holidays in October and November. The researchers linked the attacks to domains registered in the Chinese provinces of Guangdong and Henan, to an organization called Fang Xiao Qing. The goal, the foundation said, was to obtain a bridgehead on the Indians’ devices, possibly for future attacks.
