On Thursday, a cyber threat intelligence company said that a suspected unit of Chinese cyber soldiers had targeted Indian telecom companies, government agencies and several defence contractors, and disclosed what it said was technical evidence of these operations and links to a specific People’s Liberation Army (PLA) unit.
Earlier this year, these findings were published by the US-headquartered Recorded Future as evidence of sustained Chinese cyber operations targeting India’s critical infrastructure in the power and ports sectors. The unit exposed in March was named RedEcho, and the new group has been identified as RedFoxtrot.
A person from Recorded Future’s Insikt Group said that they found that RedFoxtrot targeted multiple Indian organisations throughout 2020 and 2021, and identified the group targeting two telecommunications organisations, three defence contractors, and several additional government and private sector organisations in the past six months.
This activity took place during a period of heightened tensions between India and China.
Recorded Future said that the findings were based on analysis of network traffic, the footprint of the malware used, domain registration records, and data transmissions from the possible targets.
The person quoted above said that the new campaign seemed more aligned with traditional PLA-linked activity in gathering military intelligence, and that they believed RedFoxtrot conducted cyber espionage operations to gather intelligence on military and defence matters.
State-on-state cyber operations fall into two categories, the first being sabotage and the second being espionage. The Indian Computer Emergency Response Team said in March 2021 that it had found signs of China-linked cyber actors conducting an espionage campaign against Indian transportation sectors.
The Recorded Future representative said that, in relation to the other Big Four adversaries, China and the PLA were among the world’s biggest cyber powers. The US ODNI annual threat assessment stated that China was a prolific and effective espionage threat and possessed substantial cyber-attack capabilities.
Recorded Future’s analysis found that RedFoxtrot was linked to PLA Unit 69010, and that the group was identified at a location in Urumqi, Xinjiang, due to the lax security measures employed.
RedFoxtrot had targeted aerospace and defence, government, telecommunications, mining, and research organisations in many countries, including Pakistan, Tajikistan, Uzbekistan, Afghanistan, Kazakhstan, Kyrgyzstan, and India.