Chinese Cyber Exploitation in India’s Power Grid

1
Introduction

On Feb. 28, 2021 The New York Times (NYT), based on analysis by a U.S. based private
intelligence firm Recorded Future, reported that a Chinese entity penetrated India’s power grid
at multiple load dispatch points. Chinese malware intruded into the control systems that manage
electric supply across India, along with a high-voltage transmission substation and a coal-fired
power plant.

The NYT story1 gives the impression that the alleged activity against critical Indian
infrastructure installations was as much meant to act as a deterrent against any Indian military
thrust along the Line of Actual Control as it was to support future operations to cripple India’s
power generation and distribution systems in event of war.

Recorded Future found that most of the malware was never activated. As recorded Future could
not get inside India’s power systems, it could not examine the details of the code itself, which
was placed in strategic power-distribution systems across the country. The cyber security
company had sent its findings to the Indian Computer Emergency Response Team (CERT-In)
within the Ministry of Electronics and Information Technology of the Government of India. It
informs that the government has acknowledged the receipt twice, though there has been no
2confirmation that the code infected in the power grid may have any links with China-based
hackers. Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-
sponsored group, which the firm named Red Echo, “has been seen to systematically utilize
advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes
across the Indian power generation and transmission infrastructure.”

There have been recent reports of Chinese hacking activities in Indian cyberspace. On March
01, 2021 Reuters, quoting cyber intelligence firm Cyfirma, reported that the Chinese hacking
group APT 10, also known as Stone Panda, in recent weeks targeted the IT systems of Bharat
Biotech and the Serum Institute of India (SII), whose corona virus shots are being used in the
country's immunisation campaign. Goldman Sachs-backed Cyfirma, based in Singapore and
Tokyo, said the Stone Panda had identified gaps and vulnerabilities in the IT infrastructure and
supply chain software of Bharat Biotech and the Institute of India (SII), the world's largest
vaccine maker.

2
Rivals China and India have both sold or gifted COVID19 shots to many countries. India
produces more than 60% of all vaccines sold in the 4 world. Cyfirma Chief Executive Kumar
Ritesh said, "The real motivation here is actually exfiltrating intellectual property and getting a
competitive advantage over Indian pharmaceutical companies."

The NYT story has opened Pandora's Box. Media in India has gone on an overdrive. This
incidence has raised many very important issues. A holistic analysis of this report is required
to be done to arrive at a correct conclusion.

Details of the report of Recorded Future

Since early 2020, Recorded Future’s Insikt Group observed a large increase in suspected
targeted intrusion activity against Indian organisations from Chinese state-sponsored hacker
groups. In this report, details of a campaign conducted by a China-linked threat activity group,
RedEcho, targeting the Indian power sector has been analysed. The activity was identified
through a combination of large-scale automated network traffic analytics and expert analysis.
Data sources include the Recorded Future Platform, SecurityTrails, Spur, Farsight and common
open-source tools and techniques.

Recorded Future’s midpoint collection, from mid-2020 onwards, revealed a steep rise in the use
of infrastructure tracked as AXIOMATICASYMPTOTE, which encompasses ShadowPad
command and control (C2) servers, to target a large part of India’s power sector. Using a
combination of proactive adversary infrastructure detections, domain analysis and Recorded
Future Network Traffic Analysis, it was found that a subset of these
AXIOMATICASYMPTOTE servers share some common infrastructure tactics, techniques,
and procedures (TTPs) with several previously reported Chinese state-sponsored groups,
including APT41 and Tonto Team.

According to cyber security firm FireEye, the targeting makes use of a modular backdoor called
ShadowPad that was originally connected to state-sponsored groups like APT41 or Barium.
Over the last couple of years, at least five Chinese threat activity groups have used ShadowPad,
including Tonto Team, KeyBoy, and Tick, suggesting that it is one of the latest capabilities
being shared across Chinese state-sponsored groups for network intrusion campaigns since
2017.

3
The report stated, "We assess that the sharing of ShadowPad is prevalent across groups
affiliated with both Chinese Ministry of State Security (MSS) and groups affiliated with the
People’s Liberation Army (PLA), and is likely linked to the presence of a centralized
ShadowPad developer or quartermaster responsible for maintaining and updating the tool.

Recorded Future’s chief operating officer, Stuart Solomon, told The New York Times that Red
Echo “has been seen to systematically utilise advanced cyber intrusion techniques to quietly
gain a foothold in nearly a dozen critical nodes across the Indian power generation and
transmission infrastructure”.The report states that the targeting of Indian critical infrastructure
offers limited economic espionage opportunities. It causes significant concerns over potential
pre-positioning of network access to support Chinese strategic objectives later. It can be used:

 To send a robust signaling message as a "show of force."

 To enable influence operations to sway public opinion during a diplomatic confrontation.

 To support potential future disruptive cyber operations against critical infrastructure.

Researchers of Recorded Future did not find enough evidence to attribute the activity to an
existing group such as APT41 or Tonto Team. They are tracking it as a closely related but
distinct group named Red Echo.

Within India’s power sector, RedEcho conducted suspected network intrusions targeting at least
four out of the country’s five Regional Load Despatch Centres (RLDCs), alongside two State
Load Despatch Centres (SLDCs). RLDCs and SLDCs are responsible for ensuring realtime
integrated operation of India’s power grid through balancing electricity supply and demand to
maintain a stable grid frequency.

The 12 organisations targeted by Red Echo included Power System Operation Corporation
Limited, NTPC Limited, NTPC’s Kudgi power plant, Western Regional Load Dispatch Centre,
Southern Regional Load Dispatch Centre, North Eastern Regional Load Dispatch Centre,
Eastern Regional Load Dispatch Centre, Telangana State Load Dispatch Centre, Delhi State
Load Dispatch Centre, the DTL Tikri Kalan (Mundka) sub-station of Delhi Transco Ltd, VO
Chidambaranar Port and Mumbai Port Trust.

4
Historical hosting overlaps also exist between RedEcho DDNS domain railway.sytes[.]net and
the previously reported APT41/Barium cluster. However, it is important to note that several
DDNS domains attributed to Barium by Microsoft were also previously linked to Tonto Team
threat activity in public reporting from Trend Micro. In their report, Trend Micro also noted
that Tonto Team targeted India’s Oil and Gas and Energy industries.

The Recorded Future study investigators said that "the alleged link between the outage and the
discovery of the unspecified malware in the system remains unsubstantiated." But they noted
that "additional evidence suggested the coordinated targeting of the Indian load dispatch
centres, which balance the electrical demands across regions of the country."

5
Who are these Chinese Hackers?

The first thing to note is that these attacks were using ShadowPad, which is one of the largest
known supply-chain attacks, according to cybersecurity firm Kaspersky.

It is a covert background malware, which hides inside legit software. Once activated, it allows
hackers to access the system to install more malicious software or steal data.

High-level RedEcho Terrorist Tactics, Techniques, and Procedures (TTPs) and Recorded
Future data sourcing graphic Recorded Future

Even though the investigators spotted some overlaps with other cybercriminal groups — like
APT41, known for the NetSarang incident using ShadowPad, and Tonto Team — they don’t
believe that there is enough evidence to pin the blame on any known perpetrators.

6
Earlier Indications

There have been indications of Chinese cyber-espionage activities in India earlier.

In February 2021, Hindustan Times reported that the number of Indian government officials,
including those from the sensitive ministries of defence and external affairs, had been subjected
to a phishing campaign on February 10 that involved compromised government domain email
addresses. While the news report does not identify Chinese state-supported entities as being
behind it, in the past, the Indian government had directly 8 identified China as being attempts
to hack computers belonging to officials in the national security establishment.

Red Flag. On October 13, 2020 Mumbai faced a power outage that lasted for two hours, starting
from 10 am until the power situation was resolved by noon. This had led to the cancellation of
train services, stop work at the stock exchange and all the other offices and commercial
establishments across Mumbai, Thane and Navi Mumbai areas. Government hospitals only had
ICUs running on minimal back-up while Covid centres also ran on backups. Some areas in
suburban central Mumbai suffered outages for almost 10 to 12 hours till the power services
resumed.

The power outage's primary cause was said to be due to tripping at the Padgha-based load
dispatch centre in Thane district, which distributes power for Mumbai, Thane and Navi Mumbai
areas.

India Today reported that he Maharashtra cyber department suspects that a malware attack
could be responsible for Mumbai's power outage. In their initial investigation, sources in the
Maharashtra cyber department revealed that they had traced the infusion of malware at the
Padgha-based state load dispatch centre. The Maharashtra Cyber department had said after
thorough analysis and investigation, it has been found that all these attacks generated from
China and were targeted at some of the most crucial sectors.

Yashasvi Yadav, Special Inspector General of Police, Maharashtra Cyber Intelligence Cell was
quoted as, "We at the Maharashtra Cyber department have collated information that in the
Indian cyberspace there has been a sudden surge since past four to five days where attacks have
happened on major sectors from China. These sectors include Information, Infrastructure and

7
Banking. There has been a minimum of 40300 probes or cyber attacks for which we have
gathered information as of now. These cyber-attacks or hacking attempts are happening from
the Chengdu area of China. Chengdu is the capital of southwestern China's Sichuan province.
These can be divided into three categories which are Denial of service attacks, Internet protocol
hijacking attacks and Phishing attacks. Due to these attacks, the Indian cyberspace especially
the government sector at this stage remains vulnerable.”

Security experts of an Indian nonprofit organisation, the Cyber Peace Foundation, that follows
hacking efforts reported a new wave of Chinese attacks, in which hackers sent phishing emails
to Indians in October and November. Researchers tied the attacks to domains registered in
China's Guangdong and Henan Provinces to an organisation called Fang Xiao Qing. The aim
was to obtain an entry into Indians' devices, possibly for future attacks. Vineet Kumar, the
president of the Cyber Peace Foundation, said, "One of the intentions seems to be power
projection."

Since last year the foundation has documented a surge of malware directed at India's power
sector, from petroleum refineries to a nuclear power plant. Because it is impossible for the
foundation or Recorded Future to examine the code, it is not clear whether they are looking at
the same attacks. Interestingly the timing is the same.

Official Indian Response to the Incident

The official response from the Government of India in New Delhi was typically bureaucratic.
The Ministry of Power on 01 March, 2021 said, “There is no impact on any of the functionalities
carried out by Power System Operation Corporation (POSOCO) due to the referred threat. No
data breach/ data loss has been detected due to these incidents. Prompt actions are being taken
by the CISOs (chief information security officers) at all these control centres under operation
by POSOCO for any incident/advisory received from various agencies like CERT-in, NCIIPC,
CERT-Trans etc.”

Sources said that the ministry received an email from the Indian Computer Emergency
Response Team (CERT-In) on November 19, 2020 on the threat of malware called Shadow Pad
at some control centres of POSOCO. Accordingly, the action was taken to address these threats.

8
The power ministry said that the National Critical Information Infrastructure Protection Centre
(NCIIPC), which oversees cyber security operations, had sounded an alert on February 12 about
a Chinese state-sponsored threat actor group known as Red Echo targeting regional load
dispatch centres (RLDCs) and state load dispatch centres (SLDCs). The statement said,
“NCIIPC informed through a mail dated 12th February 2021 about the threat by Red Echo
through a malware called Shadow Pad.”

After the ministry came to know about the threats, all IPs and domains listed in the NCIIPC
mail were blocked in the firewall at all control centres. The sources in the ministry said, "Log
of firewall is being monitored for any connection attempt towards the listed IPs and domains.
Additionally, all systems in control centres were scanned and cleaned by antivirus.”

The ministry had noted, "Observations from all RLDCs & NLDC shows that there is no
communication and data transfer taking place to the IPs mentioned. There is no impact on any
of the functionalities carried out by POSOCO due to the referred threat. No data breach/data
loss has been detected due to these incidents. Prompt action is being taken by 10 the chief
information security officers at all these control centres under operation by POSOCO for any
incident or advisory received from various agencies like CERT-in, NCIIPC, CERT-Trans and
others”.
The IPs mentioned in the Red Echo related advisory are matching with those given in Shadow
pad. However, the ministry did not mention the Mumbai outage or any possible linkage in its
statement.

Examples of Cyber Attacks on Power Plants around the World

As countries and businesses rely on electricity, power grids can be a prime target for signalling
an adversary's intent. Russia used this tactic against Ukraine several times by triggering
blackouts across the country. The Russian attacks took place amid an ongoing conflict between
Russia and Ukraine centred primarily around control of Crimea. If the Chinese-linked group
intends to send a signal with its activity, it likely will be heard not just by India. Levi Gundert,
senior vice president of global intelligence at Recorded Future said, "Other countries in friction
zones with China will ask themselves if they need to be wary and cautious. Perhaps Vietnam,
the Philippines, Cambodia and others will have to change their cyberdefenses”.

9
In December 2015, a Russian intelligence unit shut off power to hundreds of thousands of
people in western Ukraine10. The attack lasted only a few hours, but alarm bells were ringing
at the White House. A team of American experts was dispatched to examine the damage. They
found that one of the same Russian intelligence units that wreaked havoc in Ukraine had made
significant inroads into the United States energy grid.

The U.S has engaged in similar signalling activities. After the Department of Homeland
Security announced publicly that the American power grid was littered with code inserted by
Russian hackers, the United States put code into Russia’s grid in a warning to President
Vladimir V. Putin and a demonstration of how the Trump administration is using new
authorities to deploy cybertools more aggressively. It was intended partly as a warning and
partly to be poised to conduct cyber strikes if a major conflict broke out between Washington
and Moscow.

There is no evidence to suggest that the U.S has actually turned off the power to establish what
American officials call a "persistent presence" inside Russian networks. The Russians also have
not turned off power in the United States. But the placement of malicious code inside both
systems revives the question of whether a nation's power grid or other critical infrastructure that
keeps homes, factories, and hospitals running, constitutes a legitimate target for online attack.

Indian Cyber players

Because of this incident, Indian cyber exploitation actions have come under increasing focus.
The Daily Swig, a website that gives the latest cybersecurity news from around the world, has
provided the following information about Indian hacker groups.

 Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of
Russia and China, in the less ambitious geographic scope of their attacks.

 India has less mature cyber warfare tools and capability than the 'Big Six' – China, North
Korea, Russia, Israel, the U.K. and U.S. At this stage, they do not have the ability to call on a
cache of zero day exploits to utilise. They use reasonably effective techniques such as decoy
documents containing weaponised macros. It may change over time since their capability is
growing.

10
 The level of sophistication of the activity groups affiliated with India can vary. Some groups
have shown a high level of sophistication and use of advanced custom-built tools or advanced
exploits, while others exhibited significantly less sophisticated capabilities.

 The level of sophistication isn't always linked with the group's operation or goals' success
rate. At times, simple social engineering attacks delivering a known commodity malware can
be enough to get the threat actors what they want.

 There is no shortage of people with advanced technical skills in India.

Recent attacks by Indian hacker groups. The highly active cyber-espionage entity known as
SideWinder has been plaguing governments and enterprises since 2012. A recently released
report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South
Asia and East Asia, with the group likely supporting Indian interests.

Recorded Future observed that suspected Indian group Sidewinder target Chinese military and
government entities in 2020. SideWinder has been very active in 2020. SideWinder APT group
used the Binder exploit to attack mobile devices and uses lure files related to Covid-19. This
confirms the recent Trend Micro research.

Cyber security company Trend Micro stated, “While tracking the activities of the SideWinder
group, which has become infamous for targeting the South Asia region and its surrounding
countries, we identified a server used to deliver a malicious LNK file and host multiple
credential phishing pages. We learned that these pages were copied from their victims’ webmail
login pages and subsequently modified for phishing. We believe further activities are
propagated via spear-phishing attacks.

The hacker group Dropping Elephant has been alleged to target organisations using
spearphishing and watering hole attacks.Viceroy Tiger has been known to use weaponised
Microsoft Office documents in spearphishing campaigns. Security researchers at Lookout
recently went public with research on mobile malware attributed to the threat actors and rated
as medium sophistication.

11
2021 Global Threat Report, prepared by Cyber security company Crowd Strike, stated that in
2020, targeted intrusion actors from China, Russia, Iran, North Korea, India, Pakistan and
Vietnam pursued actions on objectives likely related to strategic national security and espionage
priorities dictated by their respective states.

Crowd strike identified actor RAZOR TIGER whose target scope was focused primarily on
entities in China and Pakistan. However, CrowdStrike Intelligence observed limited
circumstances in which RAZOR TIGER also conducted intrusions in the Middle East and
Europe. Sector-level targeting focused on government, military and defense entities.

A Chinese security company, 360 Security Technology, accused Indian hackers of targeting
hospitals and medical research organisations with phishing emails in an espionage campaign.

China’s Capabilities

China is ranked second in the National Cyber Power Index, behind only the U.S., while India
is ranked 21 of the 30 countries analysed15. China is an acknowledged master in cyber
espionage activities. In addition to traditional state espionage, Chinese hackers are pilfering
intellectual property from every major Fortune 500 company, American research laboratories,
and think tanks worth trillions of dollars. Chinese hackers have taken everything, from the
designs for the next F-35 fighter jet to the Google code, the U.S. smart grid and the formulas
for Coca-Cola and Benjamin Moore paint. If China can break through the reasonably good
cyber network defences of these organisations and Pentagon, it can be assumed that Chinese
malware is present in most of India's critical information infrastructures.

It is true that China has not shown its hand in carrying out offensive cyber operations. But the
only distinction between computer network exploitation and attack is the attacker's intent as the
malware is already inside your network. The skill sets needed to penetrate a network for
intelligence gathering purposes and offensive action are the same. Until recent years, China’s
focus had been on information theft. But Beijing has been increasingly active in placing code
into infrastructure systems, knowing that when it is discovered, the fear of an attack can be as
powerful a tool as an attack and can be seen as a deterrent. Of late, China has been increasingly
aggressive in dealing with its neighbours in the cyber domain. It has interfered actively in the
election of Taiwan.

12
An example of Chinese expertise in cyber exploitation activities is the recent exploitation of a
flaw in software made by SolarWinds Corp by Chinese hackers to break into U.S. government
computers last year. This is a new twist in the recent famous cybersecurity breach that U.S.
lawmakers have labelled a national security emergency. The software flaw exploited by the
suspected Chinese group is separate from the one the United States has accused Russian
government operatives of using to compromise up to 18,000 SolarWinds customers, including
sensitive federal agencies, by hijacking the company’s Orion network monitoring software.

GHOSTNET. China has been conducting cyber operations against India for a long time. One
of the earlier examples was the Ghost Net episode. Between June 2008 and March 2009, the
Information Warfare Monitor conducted an investigation focused on allegations of Chinese
cyber espionage against the Tibetan community. GhostNet penetrated computer systems
containing sensitive and secret information at the private offices of the Dalai Lama and other
Tibetan targets.

GhostNet, infected 1,295 computers in 103 countries. Almost a third of the targets infected by
GhostNet included the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia,
Philippines, Brunei, Barbados and Bhutan; embassies of India, South Korea, Indonesia,
Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan; the ASEAN
(Association of Southeast Asian Nations) Secretariat, SAARC (South Asian Association for
Regional Cooperation) and the Asian Development Bank; news organizations; and an
unclassified computer located at NATO headquarters.

Chinese state-sponsored hackers have been consistently targeting Tibetan organisations across
the world. In a recent incidence, Chinese hackers used a malicious Firefox add-on that was
configured to steal Gmail and Firefox browser data and then download malware on infected
systems. Cybersecurity firm Proofpoint in February 2021 discovered the attacks. It has been
linked to a group the company tracks under the codename of TA413.

Proofpoint said the attackers targeted Tibetan organisations with spear-phishing emails that
lured members on websites where they'd be prompted to install a Flash update to view the site's
content. These websites contained code that separated users. Only Firefox users with an active
Gmail session were prompted to install the malicious add-on. In this particular campaign, which
Proofpoint codenamed FriarFox, attacks began in January 2021 and continued throughout
February.

13
Conclusion

No cyber defence can be full-proof. Attacks will come, defences would be breached. If the
Chinese hackers can breach the Pentagon, it can happen in India also. Points to be considered
are: when do we realise that breach has happened, does it have the capacity to damage the
system, what is the resilience of the system, how much time it takes to plug the gap etc.

The September 2019 cyber exploitation by North Korean cyber criminals in India’s largest civil
nuclear facility, the Kudankulam Nuclear Power Plant in Tamil Nadu was certainly a wakeup
call. If a cybercrime team from North Korea can penetrate India’s largest nuclear power plant,
surely state-backed cyberattacks can cause much more damage. The shortcomings detected in
that incidence should have been corrected by now. Who could imagine that nuclear power
plants were not part of the responsibilities of NCIIPC?

Was the malware, in this case, were detected by in house expertise of CERT In or NCIIPC, or
they got triggered by the information provided by Recorded Future? How come all these major
breaches in the recent cyber exploitation activities in critical information infrastructures have
been reported by foreign cyber security companies and not detected by us?
14
Typically cyber exploitation activities for industrial espionage are carried out by The Ministry
of State Security (MSS) of the Chinese government and not by PLA. The affiliation of RedEcho
to PLA should raise heckles as it would indicate the intention of cyber attack by PLA in an
opportune time.

There are question marks on Indian cyber security companies. Some of the experts may be
earning big bucks in US IT company's bug bounty programs. It is time now for them to show
their expertise in detecting breaches in Indian critical information infrastructure. How do we
get them to work for the Indian system? Bureaucratic hurdles have to be overcome. Where are
the Indian cyber security companies like Mandiants who can expose the role of PLA in hacking
activities?

Though there has been an improvement in the cyber defence of power networks, the efficacy
varies. The NTPC and other public sector undertakings may be well off in cyber protection, but
can the same be said about the arrangement in a state-owned hydroelectric plant that is also
connected to the national power grid or those networks of nonconventional energy sources like
wind or solar energy? A hacker could easily get into the national power grid through this poorly
protected power plants and create mayhem at a time of their choosing. What can India do to
prevent this incident?

Government Response in the Media. The official response to such events is rather slow. In
the absence of official statements, there is a scope of rumour-mongering and kite flying. Media
leaks by “ informed insiders" or " sources from the ministry" do not inspire confidence. If a
cyber security company has reported a breach one can be rest assured it will come out in the
open sooner than later. In this particular incidence, there has been no clear statement from the
government whether there is any link between the breach and the power failure of October 13,
2020 in Mumbai. There should be an institutional mechanism to address the media after any
such report.

At the time of uploading of this paper Union Power Minister R K Singh on March 03, 2021
made a statement that Mumbai power outage of October 2020 was caused by "human error"
and there is no evidence to prove that it was trigged due to a cyber attack by China.

In space, cyber and electronic warfare domains, China has advanced far ahead of India. With
the kind of software development capabilities and human resources India possesses, it should
have taken the lead in these areas. India must now play catch up.

15
India has taken some baby steps by establishing the Defence Cyber Agency and Defence Space
Agency, probable precursors to the Cyber and Space Command. In the fast-changing
technology arena, India must move quickly and recover lost ground. But the present system of
working does not give much confidence.

One can understand the necessity of raising NCIIPC under NTRO given the turf war between
the concerned ministries and bureaucratic hurdles. The organisation has done a yeomen's job.
But is it now time for NCIIPC to come out to shadow of intelligence organisation like NTRO
and assert itself independently?

All the issues concern with this particular incidence must be analysed threadbare, lessons
learned and corrective measures taken. The Nation must be assured of the resilience of India's
critical information infrastrcture. It is a given that breach will take place. The issue is what we
do after the breach has happened. Can we hack the hackers? What is our deterrence capabilities
against an adversary like China?

It seems India has miles to go in the cyber domain.

REFERENCE

1. David E. Sanger and Emily Schmall, China Appears to Warn India: Push Too Hard and the
Lights Could Go Out, February 28, 2021 available at:
https://www.nytimes.com/2021/02/28/us/politics/china-indiahacking-electricity.html
2. China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border
Tensions, February 28, 2021 available at: https://www.recordedfuture.com/redecho-
targeting-indian-power-sector/
3. : https://www.siasat.com/india-thwarted-chinas-cyber-attacks-on-power-sector-2100833/
4. Adam Janofsky, China-Linked Hackers Target India’s Power Grid Amid Border Clashes,
March 1, 2021 available at: https://therecord.media/china-linked-hackers-target-indias-
power-grid-amid-border-clashes/
5. 2 John Leyden,Indian cyber-espionage activity rising amid growing rivalry with China,
Pakistan, 25 February 2021available at: https://portswigger.net/daily-swig/indian-cyber-
espionage-activity-rising-amid-growingrivalry-with-china-pakistan

16