China on denied last Thursday any connection to cyberattacks targeting seven facilities managing the electricity grid in Northern India after a new report from Recorded Future implicated a group potentially connected to the country’s military. Recorded Future said it observed “likely network intrusions targeting at least 7 Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch” near the disputed India-China border in Ladakh. SLDCs are responsible for carrying out real-time operations for grid control and electricity dispatch, making them critical for maintaining access to supervisory control and data acquisition (SCADA) systems. Read more about it here.

Chinese state-backed advanced persistent threat (APT) group Antlion has been targeting financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. The attackers deployed a custom backdoor we have called xPack on compromised systems, which gave them extensive access to victim machines. The backdoor allowed the attackers to run WMI commands remotely, while there is also evidence that they leveraged EternalBlue exploits in the backdoor.   Read more about it here.