CYBER BREACH: RedAlpha - Chinese-sponsored cybercrime group has been hacking NGOs and Governments for years
Posted By: Iain Fraser - Cybersecurity Journalist | Consultant Cybersecurity Desk Editor
Evidence has emerged that RedAlpha, the Chinese-sponsored cybercrime group, has been conducting a "multi-year credential theft campaign" targeting humanitarian groups, think tanks and governments for years, as its designated title would suggest.
The revelation comes from Insikt Group, the threat research division of Recorded Future, one of the globe's leading intelligence firms.
Those targeted for “credential-phishing” since 2019 include the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan, Taiwan’s ruling Democratic Progressive Party (DPP), and India’s National Informatics Centre, according to Recorded Future.
The Insikt Group report details multiple campaigns conducted by the likely Chinese state-sponsored threat activity group RedAlpha. The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis. Data sources include the Recorded Future® Platform, SecurityTrails, PolySwarm, DomainTools Iris, urlscan, and common open-source tools and techniques.
RedAlpha targeted the organisations with emails containing PDFs that, once clicked, would lead to a fake portal page used to collect their login credentials, the Massachusetts-based cybersecurity firm said. Recorded Future commented that RedAlpha likely targeted Taiwan-based organisations and human rights groups to gather intelligence on the self-governing democracy and ethnic and religious minority groups, respectively.
The findings will be of most interest to individuals and organizations with strategic and operational intelligence requirements relating to Chinese cyber threat activity, as well as global humanitarian, think tank, and government organizations. Prior to the publication of this report, Recorded Future notified all affected organizations of the identified activity to support incident response and remediation investigations.
About Insikt Group
Insikt Group is Recorded Future’s threat research division, comprising analysts and security researchers with deep government, law enforcement, military, and intelligence agency experience.
About Recorded Future
With more than 1,500 clients across 66 countries, including the governments of 30 countries, over 50% of the Fortune 100 and 40% of the Forbes Global 100, and the largest holdings of interlinked threat data sets, Recorded Future is the world’s largest intelligence company.