← All Threat Actors
Threat Actor Profile

RedGolf

No known aliases in database
▲ High Threat
Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KEYPLUG. We attribute this activity to a threat activity group tracked as RedGolf, which is highly likely to be a Chinese state-sponsored group. RedGolf closely overlaps with threat activity reported in open sources under the aliases APT41/BARIUM and has likely carried out state-sponsored espionage activity in parallel with financially motivated operations for personal gain from at least 2014 onward.
Origin China
Sponsor China
Motivation Financial Theft, Espionage, state-sponsored espionage and financially motivated

Target Sectors

Aviation Automotive Education Intergovernmental Media and Entertainment Information Technology Religious Organizations

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD