My colleagues just released further research exploring infrastructure, tooling, victimology, and personnel overlap between I-SOON and various #Chinese APT groups: #RedAlpha, #RedHotel, & POISON CARP: https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups

Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.

Recorded Future publishes a 24-page report on i-SOON and their connections to offensive cyberespionage operations attributed to RedHotel, RedAlpha and POISON CARP. The links indicate that they are likely sub-teams focused on specific missions within the same company. i-SOON's victims span 22 countries, with government, telco and education being the most targeted sectors. i-SOON also supports domestic operations, including the targeting of ethnic and religious minorities and the online gambling industry. i-SOON very likely uses and sells access to custom malware families like Winnti and ShadowPad. IOC provided. 🔗 https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups

#ISOON #cyberespionage #China #APT #threatintel #IOC #redhotel #redalpha #poisoncarp #winnti #shadowpad


Trend Micro reports on a new China-nexus cyberespionage group (dubbed Earth Krahang) that primarily targets Southeast Asia and then Europe, America, and Africa. It has multiple connections to another Chinese APT Earth Lusca (aka Aquatic Panda, Bronze University, Charcoal Typhoon, RedHotel) and potential links to i-SOON. Trend Micro was able to retrieve multiple files from Earth Krahang’s servers, including samples, configuration files, and log files from its attack tools. MITRE ATT&CK TTPs and IOC provided. 🔗 https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html

#EarthKrahang #cyberespionage #EarthLusca #AquaticPanda #CharcoalTyphoon #RedHotel #China #APT #IOC #threatintel #MITREATTACK

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.

Trend Micro

i-SOON: another company in the APT 41 network. Is Sichuan i-SOON an APT? Could Sichuan i-SOON stand behind Redhotel/Earth Lusca operations?

https://nattothoughts.substack.com/p/i-soon-another-company-in-the-apt41
#APT #apt41 #RedHotel #China #EarthLusca #Winnti #chengdu404 #i-SOON

i-SOON: Another Company in the APT41 Network

A lawsuit casts light on the ecosystem of IT companies related to Chengdu 404, the company allegedly behind Chinese state-sponsored hacking group APT41.

Natto Thoughts
Chinese hackers targeted at least 17 countries across Asia, Europe and North America
Hackers affiliated with China’s Ministry of State Security targeted a range of government, telecommunications and research organizations across at least 17 countries since 2021, according to a new report.
https://therecord.media/chinese-military-hackers-redhotel-target-countries-across-asia-north-america-europe #chinese #military #hackers #redhotel