The Chinese state-sponsored cyber espionage group known as RedDelta, also tracked as Mustang Panda, has been actively targeting several countries in Asia and beyond since July 2023. Its operations have focused primarily on Mongolia, Taiwan, and Southeast Asia, but have also extended to Japan, the United States, Ethiopia, Brazil, Australia, and India. RedDelta relies on targeted spearphishing, using lure documents themed around political and cultural events, such as 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations. The group has been observed delivering its customized PlugX backdoor through infection chains adapted for each campaign, targeting government and diplomatic organizations.
RedDelta has evolved its delivery methods over time: it initially used Windows Shortcut (LNK) files, moved to Microsoft Management Console Snap-In Control (MSC) files in 2024, and most recently switched to HTML files hosted on Microsoft Azure. Since July 2023 the group has consistently proxied its command-and-control (C2) traffic through the Cloudflare content distribution network (CDN), so that beaconing blends in with legitimate traffic to a widely used CDN and the true C2 servers are hidden behind Cloudflare, which makes victim identification and infrastructure tracking more difficult. The group's activities, which have included successful compromises of the Mongolian Ministry of Defense and the Communist Party of Vietnam, align with the Chinese government's strategic priorities in Asia.