Stormsec

RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Geo Humanitarian, Think Tank, etc

Over the past 3 years, Recorded Future has observed RedAlpha registering and weaponizing hundreds of domains spoofing organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT), and other global government, think tank, and humanitarian organizations that fall within the strategic interests of the Chinese government. Historically, the group has also engaged in direct targeting of ethnic and religious minorities, including individuals and organizations within Tibetan and Uyghur communities. As highlighted within this report, in recent years RedAlpha has also displayed a particular interest in spoofing political, government, and think tank organizations in Taiwan, likely in an effort to gather political intelligence.




ADVERSARY: RedAlpha


INDUSTRIES: Government, Education


ATT&CK IDS: T1134.001 - Token Impersonation/Theft, T1078 - Valid Accounts, T1081 - Credentials in Files, T1212 - Exploitation for Credential Access, T1566 - Phishing, T1204.002 - Malicious File, T1204.001 - Malicious Link

