RedEcho group shut down part of infrastructure after disclosure of operations

In February 2021, cybersecurity specialists published a detailed report on RedEcho's operations in India.

The Chinese hacker group RedEcho, linked to a malicious campaign against India's energy sector and critical infrastructure, shut down some of its domains after its operations were disclosed at the end of February 2021.

RedEcho is one of many Chinese government-sponsored cyber espionage groups operating today. The first RedEcho cyberattacks were recorded in early 2020. RedEcho attacked India's energy sector, allegedly compromising more than ten energy organizations, including four of the five Regional Load Despatch Centres (RLDC) and two State Load Despatch Centres (SLDC). During the attacks, the criminals used the PlugX and ShadowPad malware.

These attacks became known in February 2021, when Insikt Group specialists from the information security company Recorded Future published a detailed report on RedEcho's operations in India. Analysts identified unique characteristics of the interaction between the malware and its server infrastructure, which allowed them to track the attacks using a combination of proactive infrastructure detection, domain analysis and network traffic analysis. The researchers found that the infrastructure, dubbed AXIOMATICASYMPTOTE, shares some tactics, techniques and procedures with several previously identified Chinese groups, including APT41 and the Tonto Team. Despite some overlap with previous campaigns, the Insikt Group attributed these operations to a separate group, RedEcho.

However, less than two weeks after the publication of the Recorded Future study, the RedEcho group shut down part of its domain infrastructure, including the domains used to manage the ShadowPad malware.

Such a course of action is to be expected, since cybercriminal groups like RedEcho often respond to public disclosure of their activity by moving their infrastructure to new servers.