RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats
#RedDelta
https://www.recordedfuture.com/research/reddelta-chinese-state-sponsored-group-targets-mongolia-taiwan-southeast-asia
Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain

Between July 2023 and December 2024, RedDelta, a Chinese state-sponsored group, targeted Mongolia, Taiwan, and Southeast Asia using advanced spearphishing campaigns with evolving infection chains and the PlugX backdoor.

Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research

Introduction: In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting […]

Check Point Research
New research from Insikt Group has observed activity attributed to likely Chinese state-sponsored threat activity group #RedDelta using a customized variant of the #PlugX backdoor (heavily customized for anti-analysis for detection evasion). More in the report: https://www.recordedfuture.com/reddelta-targets-european-government-organizations-continues-iterate-custom-plugx-variant
RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant | Recorded Future

Insikt Group® examines operations conducted by likely Chinese state-sponsored threat activity group RedDelta targeting organizations across Asia and Europe.

#RedDelta / #MustangPanda have expanded to using ISO files in addition to RAR and ZIP files.

Also, the config decryption key changed to jOh752oCI for their more recent variants of #plugx.

https://go.recordedfuture.com/hubfs/reports/cta-2022-1223.pdf

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs - The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic insti... https://threatpost.com/hackers-continue-cyberattacks-against-vatican-catholic-orgs/159306/ #catholicdioceseofhongkong #remoteaccesstrojan #statesponsoredhack #vulnerabilities #chinesehackers #spearphishing #websecurity #cyberattack #catholic #reddelta #vatican #china #plugx #rat
Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions since May 2020 until as recently as last week.

Threatpost - English - Global - threatpost.com
Chinese hackers attacked the Vatican's computer systems #RedDelta, #cyberattack, #Vatican https://www.securitylab.ru/news/510609.php https://twitter.com/SecurityLabnews/status/1288377489363013632/photo/1
Chinese hackers attacked the Vatican's computer systems

The attacks took place ahead of the renewal of the provisional agreement with Beijing on the appointment of bishops.