EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Attack Against Tata Power Highlights Cyber Risk to India’s Growing and Increasingly Connected Population 

In this issue of The Analyst Prompt, we look at a recent cyberattack targeting a high-profile energy supplier in India, and an example of Dutch law enforcement success against cybercriminals.

EclecticIQ Threat Research Team October 27, 2022

Key Infrastructure and Critical Vulnerabilities: Attack Against Tata Power Highlights Cyber Risk to India’s Growing and Increasingly Connected Population

On Friday, October 14, Indian electricity provider Tata Power reported it was suffering the effects of a cyberattack against its network. (1) In late October, Hive ransomware claimed the attack and began leaking data stolen from Tata Power on its website. (16) This was not the first time Indian power infrastructure has been targeted in a cyberattack. So far there has been no long-term infrastructure damage, but attacks against vulnerable power infrastructure that are widespread or occur at critical times have the potential to disrupt government, commerce, and daily living. Indian authorities blamed malware for a two-hour power outage, also in Mumbai, in October 2020, and later indicated they believed the incident to be the result of deliberate action, according to press reports. The investigation uncovered suspicious logins to servers connected to the power utility network and traced the logins to several countries outside India. (3, 4)

According to its website, Tata Power serves millions of customers across India and has been in the power sector for over one hundred years (2), making it a highly visible and attractive target for attackers who want to leverage a wide attack surface to achieve maximum disruption for their efforts. Cyberattacks against India’s critical infrastructure are well-documented. In February 2021, Recorded Future published a report highlighting intrusion activity against India’s power grid, which it attributed to Chinese actors using a modular backdoor called ShadowPad, which it claimed is increasingly used by China’s People’s Liberation Army (PLA). (5) [For more on how ShadowPad works, see this report by Sentinel Labs. (6)]

Malware: Recent Deadbolt Ransomware Operations Stymied Through Action by Dutch Police

Deadbolt ransomware, first seen in early 2021, is part of a small subset of malware which specifically searches for and targets vulnerable network-attached storage (NAS) devices inside a network. (8) Deadbolt first targeted storage devices manufactured by Taiwan-based company QNAP, for which patches have been available since early this year. (9) In September of this year, QNAP identified and released patches for an additional vulnerability accessible via Photo Station (cloud storage for photos). (10) Asustor NAS devices were also found to be vulnerable to Deadbolt infections. (11) Like many other cybercriminal operators, Deadbolt’s threat actors demanded payment in cryptocurrency in exchange for the decryption key, (10, 11) forcing victims to choose between paying the ransom or losing access to their backups.

On October 14, Dutch Police announced they successfully obtained more than 150 Deadbolt decryption keys. With help from Responders.NU (who tipped off authorities to a method for retrieving decryption keys) and several other organizations, Dutch authorities were able to submit a Bitcoin payment to the group, retrieve the decryption keys, and then cancel the Bitcoin payment before the transaction went through, helping victims in the Netherlands and a dozen other nations retrieve their data. (12, 13, 15)

This event highlights a few key points. For network defenders, it shows the importance of understanding the ongoing evolution of cybercrime TTPs; in this case, the vulnerability of network-attached backups that were intended to help recover from a cyberattack. For law enforcement, this case underscores the need to understand the protections and vulnerabilities in cryptocurrency networks, and the value of establishing strong partnerships with outside organizations. It should also encourage victims of cybercrime to continue to come forward and report thefts to the proper authorities. And not least, with threat actors stealing huge cryptocurrency sums in 2021 and 2022, (14) observers should ask about the mechanism used to submit and then retract a payment on a system that is supposed to be immutable.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research towards your priority area.

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery

Please refer to our support page for guidance on how to access the feeds.
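The discovery endpoint above is a TAXII 1.x service: a client POSTs a small XML `Discovery_Request` and receives a `Discovery_Response` listing the server's service instances (discovery, poll, inbox, collection management) and their addresses. The following is an added example, not EclecticIQ's own client or support-page code; it builds the request headers and body, then parses a constructed sample response offline. The only value taken from the post is the discovery URL; every other address in the sample response is a placeholder, and the HTTPS check is this example's own defensive addition.

```python
"""Build a TAXII 1.1 Discovery_Request and parse a Discovery_Response.

Added example (not EclecticIQ code). The discovery URL comes from the
post; the sample response is constructed and its non-discovery
addresses are placeholders on an .invalid domain.
"""
import xml.etree.ElementTree as ET

TAXII_11_NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
NS = {"taxii_11": TAXII_11_NS}

DISCOVERY_URL = "https://cti.eclecticiq.com/taxii/discovery"  # from the post


def build_discovery_request(message_id: str) -> tuple[dict, bytes]:
    """Return (HTTP headers, XML body) for a TAXII 1.1 discovery request.

    A TAXII 1.x client POSTs the body to the discovery endpoint; the
    X-TAXII-* headers declare which protocol and message bindings the
    client speaks so the server can answer in kind.
    """
    headers = {
        "Content-Type": "application/xml",
        "Accept": "application/xml",
        "X-TAXII-Content-Type": "urn:taxii.mitre.org:message:xml:1.1",
        "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0",
        "X-TAXII-Services": "urn:taxii.mitre.org:services:1.1",
    }
    body = (
        f'<taxii_11:Discovery_Request xmlns:taxii_11="{TAXII_11_NS}" '
        f'message_id="{message_id}"/>'
    ).encode()
    return headers, body


# Constructed sample response; not a capture from the EclecticIQ server.
SAMPLE_DISCOVERY_RESPONSE = f"""<?xml version="1.0" encoding="UTF-8"?>
<taxii_11:Discovery_Response xmlns:taxii_11="{TAXII_11_NS}"
    message_id="2" in_response_to="1">
  <taxii_11:Service_Instance service_type="DISCOVERY"
      service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>{DISCOVERY_URL}</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
  <taxii_11:Service_Instance service_type="POLL"
      service_version="urn:taxii.mitre.org:services:1.1" available="true">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:https:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>https://taxii.example.invalid/poll</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
  <taxii_11:Service_Instance service_type="INBOX"
      service_version="urn:taxii.mitre.org:services:1.1" available="false">
    <taxii_11:Protocol_Binding>urn:taxii.mitre.org:protocol:http:1.0</taxii_11:Protocol_Binding>
    <taxii_11:Address>http://taxii.example.invalid/inbox</taxii_11:Address>
    <taxii_11:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii_11:Message_Binding>
  </taxii_11:Service_Instance>
</taxii_11:Discovery_Response>"""


def parse_discovery_response(xml_text: str, expected_in_response_to: str) -> list[dict]:
    """Return the advertised service instances as dicts.

    Each dict carries an ``https`` flag: an intel feed pulled over plain
    HTTP can be altered in transit, so a client should refuse or at
    least flag non-HTTPS addresses before using them.
    """
    # For responses from an untrusted server, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{TAXII_11_NS}}}Discovery_Response":
        raise ValueError(f"unexpected root element {root.tag}")
    # Correlate the reply with the request we actually sent.
    if root.get("in_response_to") != expected_in_response_to:
        raise ValueError("in_response_to does not match our message_id")

    services = []
    for inst in root.findall("taxii_11:Service_Instance", NS):
        address = inst.findtext("taxii_11:Address", default="", namespaces=NS)
        services.append({
            "type": inst.get("service_type"),
            "available": inst.get("available", "true") == "true",
            "address": address,
            "protocol": inst.findtext("taxii_11:Protocol_Binding", default="", namespaces=NS),
            "message_binding": inst.findtext("taxii_11:Message_Binding", default="", namespaces=NS),
            "https": address.lower().startswith("https://"),
        })
    return services


if __name__ == "__main__":
    headers, body = build_discovery_request("1")
    print("POST", DISCOVERY_URL, headers, body.decode(), sep="\n")
    for svc in parse_discovery_response(SAMPLE_DISCOVERY_RESPONSE, "1"):
        flag = "" if svc["https"] else "  <-- not HTTPS, do not use"
        print(f'{svc["type"]:<12} available={svc["available"]} {svc["address"]}{flag}')
```

To talk to a live server, send `body` with `headers` as an HTTPS POST to `DISCOVERY_URL` and pass the response text and your `message_id` to `parse_discovery_response`; services other than discovery (poll, inbox) are looked up from the parsed list rather than from hard-coded paths.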

Appendix

  1. https://www.reuters.com/world/india/indias-tata-power-says-hit-by-cyber-attack-2022-10-14/
  2. https://www.tatapower.com/corporate/overview.aspx
  3. https://www.indiatoday.in/india/story/mumbai-power-outage-malware-attack-1742538-2020-11-20
  4. https://www.opindia.com/2020/11/probe-into-october-12-mumbai-power-outage-suggests-it-was-sabotage/
  5. https://www.recordedfuture.com/continued-targeting-of-indian-power-grid-assets
  6. https://www.sentinelone.com/labs/shadowpad-a-masterpiece-of-privately-sold-malware-in-chinese-espionage/
  7. https://analyticsindiamag.com/does-india-need-a-cybersecurity-ministry/
  8. https://nakedsecurity.sophos.com/2022/03/23/serious-security-deadbolt-the-ransomware-that-goes-straight-for-for-your-backups/
  9. https://www.qnap.com/en/security-advisory/qsa-21-57
  10. https://securityaffairs.co/wordpress/135347/malware/qnap-deadbolt-ransomware-new-attacks.html
  11. https://www.zdnet.com/article/asustor-warns-users-of-deadbolt-ransomware-attacks/
  12. https://www.politie.nl/nieuws/2022/oktober/14/09-nederlandse-gedupeerde-geholpen-in-unieke-ransomware-actie.html
  13. https://cybernews.com/news/police-trick-deadbolt-ransom-gang/
  14. https://rekt.news/leaderboard/
  15. https://www.malwarebytes.com/blog/news/2022/10/deadbolt-ransomware-gang-tricked-into-giving-victims-free-decryption-keys
  16. https://techcrunch.com/2022/10/25/tata-power-hive-ransomware/

© 2014 – 2024 EclecticIQ B.V.