RedEcho and India’s power grid (and lots of speculation). SolarWinds compromise updates. Gootloader and malicious SEO.
Recorded Future’s Insikt Group reports that an apparent Chinese cybersabotage group they’re tracking as “RedEcho” (a new name, because, despite some apparent links to other Chinese APTs identification remains unclear) has been active against India’s infrastructure. The group may have been staging potential attacks with a view to holding India’s electrical power grid at risk. “Potential pre-positioning of network access to support Chinese strategic objectives,” is how Recorded Future puts it, with attendant speculation about signaling, support of influence operations, or “as a precursor to kinetic escalation.”
It’s worth noting that Recorded Future’s conclusions are more tentative and circumspect than those the New York Times and various media outlets in India reached, and the report should be received in the spirit in which the researchers have apparently offered it. That cybersabotage of a power grid would have great potential for disruption is clear; as Control Global argues, one need look no further than the consequences of the Texas ice storms last month to see the possibilities.
The effects of the SolarWinds supply chain compromise continue to spread through US Government agencies—WIRED writes that the metaphorical “body count” now includes NASA and the FAA. Current and former SolarWinds executives blame an intern for the now infamous password “solarwinds123,” which, CNN reports, was readily accessible for years.
Sophos describes the Gootloader infection framework, which is not only expanding its payloads, but is using a novel approach to search engine optimization to bring its criminal bait to the attention of potential victims.
Gloss