date 2021-03-05

How did a secretive Chinese cyber threat group get noticed intruding into Indian critical infrastructure? The answer is an 18-letter word: ‘AXIOMATICASYMPTOTE’.

This word, which sounds more like a tongue-twister from the Mary Poppins film, is the label given to the network infrastructure that the ShadowPad malware uses for command and control. From mid-2020 onwards, Recorded Future, the threat intelligence company, observed a steep rise in the use of the infrastructure it terms AXIOMATICASYMPTOTE to target a large swathe of India’s power sector and ports.

In other words, it was this steep rise in communications between the AXIOMATICASYMPTOTE server infrastructure and targeted Indian IP addresses that raised red flags for threat intelligence analysts and revealed a bigger picture.

In determining that the China-linked group RedEcho was using the AXIOMATICASYMPTOTE infrastructure to carry out its intrusions into the networks of Indian organisations, analysts made three important findings: