India targeted through Chinese sponsored threat activity group RedFoxtrot, says Recorded future
text_fields
New Delhi: Recorded Future, the world's largest provider of intelligence for enterprise security, on Thursday, revealed cyber espionage activity attributed to a suspected Chinese state-sponsored threat activity group, named RedFoxtrot.
Recorded Future's threat research arm called Insikt Group identified the specific ties between RedFoxtrot's activity and the Chinese military intelligence apparatus, the People's Liberation Army (PLA) Unit 69010 within the Strategic Support Force (SSF), offering a rare glimpse into SSF operations since the PLA's restructuring in 2015.
RedFoxtrot predominantly targets aerospace and defense, government, telecommunications, mining, and research organizations in India and countries like Afghanistan, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan, aligning with the operational remit of PLA Unit 69010.
Moreover, the activities of RedFoxtrot overlaps with threat groups tracked by other security vendors such as Temp.Trident and Nomad Panda.
RedFoxtrot also maintains large amounts of operational infrastructure and has employed both bespoke and publicly available malware families commonly used by Chinese cyber espionage groups.
"The recent activity of the People's Liberation Army has largely been a black box for the intelligence community. Being able to provide this rare end-to-end glimpse into PLA activity and Chinese military tactics and motivations provides invaluable insight into the global threat landscape. The persistent and pervasive monitoring and collection of intelligence is crucial in order to disrupt adversaries and inform an organization or government's security posture", said Christopher Ahlberg, CEO and Co-Founder, Recorded Future.