Indian Critical Infrastructure Intrusions

[Indian Critical Infrastructure Intrusions](https://attack.mitre.org/campaigns/C0043) is a sequence of intrusions from 2021 through early 2022 linked to People’s Republic of China (PRC) threat actors, particularly [RedEcho](https://attack.mitre.org/groups/G1042) and Threat Activity Group 38 (TAG38). The intrusions appear focused on breaching the IT systems of Indian electric utility entities and logistics firms, and potentially of managed service providers operating within India. Although the targeted organizations operate OT environments, there is no evidence that the campaign progressed beyond IT breach and information gathering to access of OT environments.(Citation: RecordedFuture RedEcho 2021)(Citation: RecordedFuture RedEcho 2022)

Start date: 1 January 2021
End date: 1 April 2022
Techniques: 8

Attributed actors

[RedEcho](https://attack.mitre.org/groups/G1042)

Techniques (8)

command-and-control (4)
T1568 [Dynamic Resolution](https://attack.mitre.org/techniques/T1568)
T1573.002 [Asymmetric Cryptography](https://attack.mitre.org/techniques/T1573/002)
T1071.001 [Web Protocols](https://attack.mitre.org/techniques/T1071/001)
T1571 [Non-Standard Port](https://attack.mitre.org/techniques/T1571)

defense-impairment (1)
T1599 [Network Boundary Bridging](https://attack.mitre.org/techniques/T1599)

resource-development (3)
T1588.004 [Digital Certificates](https://attack.mitre.org/techniques/T1588/004)
T1583.001 [Domains](https://attack.mitre.org/techniques/T1583/001)
T1584 [Compromise Infrastructure](https://attack.mitre.org/techniques/T1584)
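Three of the command-and-control techniques above (T1071.001 Web Protocols, T1571 Non-Standard Port and T1568 Dynamic Resolution) leave a footprint in ordinary network telemetry. The following is an added example of how a defender might screen for them; it is not code from the ATT&CK page, from Recorded Future, or from the campaign itself. It reads Zeek-style JSON `conn.log` and `dns.log` records (real Zeek field names, but the records are constructed here and are not campaign indicators), and the port allow-list and the distinct-IP/TTL thresholds are assumptions to be tuned per environment.

```python
"""Screen Zeek-style logs for web-protocol C2 on non-standard ports
(T1071.001 + T1571) and for domains that resolve to many short-lived
addresses (a pattern consistent with T1568 Dynamic Resolution).

All log lines below are constructed for illustration only.
"""
import json
from collections import defaultdict

# Assumption: ports where HTTP/TLS is expected in this environment. Any
# session Zeek labels http/ssl on another port is flagged (T1571).
EXPECTED_WEB_PORTS = {80, 443, 8080, 8443}

# Constructed Zeek conn.log entries (JSON-lines output). Not real data.
CONN_LOG = """
{"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl"}
{"uid":"C2","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.20","id.resp_p":8000,"proto":"tcp","service":"http"}
{"uid":"C3","id.orig_h":"10.0.0.7","id.resp_h":"203.0.113.30","id.resp_p":52443,"proto":"tcp","service":"ssl"}
{"uid":"C4","id.orig_h":"10.0.0.7","id.resp_h":"203.0.113.40","id.resp_p":22,"proto":"tcp","service":"ssh"}
"""

# Constructed Zeek dns.log entries: query name, answers, and answer TTLs.
DNS_LOG = """
{"ts":1,"query":"update.example.test","answers":["198.51.100.1"],"TTLs":[3600.0]}
{"ts":2,"query":"cdn.example.test","answers":["198.51.100.2"],"TTLs":[60.0]}
{"ts":3,"query":"cdn.example.test","answers":["198.51.100.3"],"TTLs":[60.0]}
{"ts":4,"query":"cdn.example.test","answers":["198.51.100.4"],"TTLs":[60.0]}
{"ts":5,"query":"cdn.example.test","answers":["198.51.100.5"],"TTLs":[60.0]}
"""


def parse_jsonl(text):
    """Parse JSON-lines text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def web_on_nonstandard_port(conn_entries, expected=EXPECTED_WEB_PORTS):
    """Return uids of sessions that Zeek's protocol detection labelled
    http or ssl but whose server port is outside the expected set.
    The service label, not the port, is what identifies the protocol,
    which is exactly the mismatch T1571 relies on."""
    hits = []
    for e in conn_entries:
        if e.get("service") in ("http", "ssl") and e["id.resp_p"] not in expected:
            hits.append(e["uid"])
    return hits


def dynamic_resolution_candidates(dns_entries, min_distinct=3, max_ttl=300.0):
    """Return query names that resolved to at least min_distinct different
    addresses while every observed TTL stayed at or below max_ttl.
    Thresholds are assumptions; legitimate CDNs match too, so treat the
    output as a triage list rather than a verdict."""
    answers = defaultdict(set)
    max_ttl_seen = defaultdict(float)
    for e in dns_entries:
        q = e["query"]
        answers[q].update(e.get("answers", []))
        for ttl in e.get("TTLs", []):
            max_ttl_seen[q] = max(max_ttl_seen[q], ttl)
    return sorted(
        q for q in answers
        if len(answers[q]) >= min_distinct and max_ttl_seen[q] <= max_ttl
    )


if __name__ == "__main__":
    print("web on non-standard port:", web_on_nonstandard_port(parse_jsonl(CONN_LOG)))
    print("dynamic resolution candidates:", dynamic_resolution_candidates(parse_jsonl(DNS_LOG)))
```

On the constructed input, `C2` (HTTP on 8000) and `C3` (TLS on 52443) are flagged, while `C1` (TLS on 443) and `C4` (SSH on 22, a non-web service) are not; `cdn.example.test` is the only name meeting the dynamic-resolution thresholds. In practice both lists need enrichment (destination reputation, certificate details for T1573.002/T1588.004, asset context) before they are worth an analyst's time.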

Indicators of compromise

No IOCs linked to this campaign yet.