Over the past 3 years, Recorded Future has observed RedAlpha registering and weaponizing hundreds of domains spoofing organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT), and other global government, think tank, and humanitarian organizations that fall within the strategic interests of the Chinese government. Historically, the group has also engaged in direct targeting of ethnic and religious minorities, including individuals and organizations within Tibetan and Uyghur communities. As highlighted within this report, in recent years RedAlpha has also displayed a particular interest in spoofing political, government, and think tank organizations in Taiwan, likely in an effort to gather political intelligence.
TAGS: RedAlpha, Theft, Credential
ADVERSARY: RedAlpha
INDUSTRIES: Government, Education
ATT&CK IDS: T1134.001 - Token Impersonation/Theft, T1078 - Valid Accounts, T1081 - Credentials in Files, T1212 - Exploitation for Credential Access, T1566 - Phishing, T1204.002 - Malicious File, T1204.001 - Malicious Link