
RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Geo Humanitarian, Think Tank, etc

Over the past 3 years, Recorded Future has observed RedAlpha registering and weaponizing hundreds of domains spoofing organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT), and other global government, think tank, and humanitarian organizations that fall within the strategic interests of the Chinese government. Historically, the group has also engaged in direct targeting of ethnic and religious minorities, including individuals and organizations within Tibetan and Uyghur communities. As highlighted within this report, in recent years RedAlpha has also displayed a particular interest in spoofing political, government, and think tank organizations in Taiwan, likely in an effort to gather political intelligence.


INDUSTRIES: Government, Education

ATT&CK IDS: T1134.001 - Token Impersonation/Theft, T1078 - Valid Accounts, T1081 - Credentials in Files, T1212 - Exploitation for Credential Access, T1566 - Phishing, T1204.002 - Malicious File, T1204.001 - Malicious Link
