So far, the evidence suggests that the SolarWinds hack, named after the company that made network management software that was hijacked to insert the code, is mainly about information theft. But it also created the capability for many more destructive attacks – and among the companies that downloaded the Russian code were several US utilities. They claim that the attacks were managed and that there was no risk to their operations.
Until recent years, China’s focus has been on information theft. But Beijing was increasingly putting code into infrastructure systems, knowing that the fear of an attack could be just as powerful as an attack itself.
In the Indian case, Recorded Future sent its findings to the Computer Emergency Response Team, or CERT-In, a kind of investigation and early warning agency that maintains most countries to track critical infrastructure threats. The center twice acknowledged receipt of the information, but did not say whether it found the code in the electrical network.
Repeated attempts by The New York Times to garner comment from the center and several officials over the past two weeks have yielded no response.
The Chinese government, which did not respond to questions about the code in the Indian timetable, could argue that India had started the cybergression. In India, a patchwork of state-sponsored hackers was caught using coronavirus phishing email address to target Chinese organizations in Wuhan last February. A Chinese security company, 360 Security Technology, accuses state-backed Indian hackers of targeting hospitals and medical research organizations with phishing emails, in a espionage campaign.
Four months later, as tensions between the two countries on the border escalated, Chinese hackers unleashed a swarm of 40,300 attempts to break into India’s technology and banking infrastructure in just five days. Some of the attacks were so-called denials of service attacks that cracked these systems offline; others were phishing attacks, according to police in the Indian state of Maharashtra, home of Mumbai.
By December, security experts from the Cyber Peace Foundation, an Indian non-profit organization that follows the burglary attempt, reported a new wave of Chinese attacks in which hackers sent phishing emails to Indians related to the Indian holiday in October and November . Investigators linked the attacks to domains registered in Guangdong and Henan provinces to an organization called Fang Xiao Qing. The purpose of the foundation was to acquire a beachhead in Indians’ devices, possibly for future attacks.