China and China-linked cyber operations have been seen as a persistent threat in India. Following a clash in the Galwan Valley in June 2020 between Indian and Chinese soldiers, relations between the two countries have been tense. Against this backdrop, Recorded Future, a US cybersecurity firm headquartered near Boston, released a report on 16 June. The report says a Chinese state-backed hacker group (nicknamed ‘RedFoxtrot’) is targeting Indian defence research and other Indian organisations. The hacker group has been targeting Indian establishments for six months, while border tensions between India and China were high.
A similar report by the same cybersecurity firm in March said that another China-linked hacker group, nicknamed ‘RedEcho’, was targeting India’s power sector, including state-owned NTPC, India’s largest energy conglomerate.
This time, the report claims to have found links between a “suspected” Chinese state-sponsored threat activity group and the People’s Liberation Army’s Unit 69010, a Chinese military intelligence unit. “The unit (69010) also likely has multiple subordinate offices primarily responsible for monitoring military activity along China’s western border,” the report said.
According to Recorded Future, RedFoxtrot has been active since at least 2014, predominantly targeting the government, defence, and telecommunications sectors across Central Asia, India, and Pakistan. The cybersecurity firm has detected RedFoxtrot’s targets in the past six months. The report said, “The RedFoxtrot has been targeting 3 Indian aerospace and defence contractors; major telecommunications providers in Afghanistan, India, Kazakhstan, and Pakistan; and multiple government agencies across the region”. However, the report does not mention the names of the targeted organisations.