Cyber Intelligence

Linkedin
  • News
    • Aerospace
    • Apple
    • Arrest
    • Automotive
    • Big Tech
    • Breaking News
    • Business Email Compromise
    • China
    • Chip Technology
    • Cryptocurrency
    • Cyber Budget
    • Cyber Espionage
    • Cyber M&A
    • cybercrime
    • Data Leak
    • deepfake
    • Energy Sector
    • Ethiopia
    • Finance
    • France
    • Geopolitics
    • Government
    • Hacktivism
    • Healthcare
    • Human Error
    • Investment Scam
    • Iran
    • Israel Conflict
    • Malicious Bots
    • Malware
    • North Korea
    • Norton
    • One Minute Roundup
    • ransomware
    • SEC
    • SMB
    • Social Media
    • Sri Lanka
    • Taiwan
    • VPN
    • Wire Fraud
    • Workforce Cyber
  • Analysis
  • Expert Opinions
  • Resources
    • Conferences
    • Glossary of terms
    • Awards
    • Ecosystem map
Reading: Chinese cyber-espionage campaign exposed
Share
Cyber IntelligenceCyber Intelligence
Aa
  • News
  • Analysis
  • Expert Opinions
  • Resources
Search
  • News
    • Aerospace
    • Apple
    • Arrest
    • Automotive
    • Big Tech
    • Breaking News
    • Business Email Compromise
    • China
    • Chip Technology
    • Cryptocurrency
    • Cyber Budget
    • Cyber Espionage
    • Cyber M&A
    • cybercrime
    • Data Leak
    • deepfake
    • Energy Sector
    • Ethiopia
    • Finance
    • France
    • Geopolitics
    • Government
    • Hacktivism
    • Healthcare
    • Human Error
    • Investment Scam
    • Iran
    • Israel Conflict
    • Malicious Bots
    • Malware
    • North Korea
    • Norton
    • One Minute Roundup
    • ransomware
    • SEC
    • SMB
    • Social Media
    • Sri Lanka
    • Taiwan
    • VPN
    • Wire Fraud
    • Workforce Cyber
  • Analysis
  • Expert Opinions
  • Resources
    • Conferences
    • Glossary of terms
    • Awards
    • Ecosystem map

Cyber Intelligence

Linkedin
  • News
    • Aerospace
    • Apple
    • Arrest
    • Automotive
    • Big Tech
    • Breaking News
    • Business Email Compromise
    • China
    • Chip Technology
    • Cryptocurrency
    • Cyber Budget
    • Cyber Espionage
    • Cyber M&A
    • cybercrime
    • Data Leak
    • deepfake
    • Energy Sector
    • Ethiopia
    • Finance
    • France
    • Geopolitics
    • Government
    • Hacktivism
    • Healthcare
    • Human Error
    • Investment Scam
    • Iran
    • Israel Conflict
    • Malicious Bots
    • Malware
    • North Korea
    • Norton
    • One Minute Roundup
    • ransomware
    • SEC
    • SMB
    • Social Media
    • Sri Lanka
    • Taiwan
    • VPN
    • Wire Fraud
    • Workforce Cyber
  • Analysis
  • Expert Opinions
  • Resources
    • Conferences
    • Glossary of terms
    • Awards
    • Ecosystem map
Reading: Chinese cyber-espionage campaign exposed
Share
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
ChinaCyber EspionageNews

Chinese cyber-espionage campaign exposed

John Wilkes
September 1, 2023 at 6:50 AM
By John Wilkes John Wilkes
Share
SHARE

The China-backed hacking group referred to as RedHotel has been linked to attacks in 17 countries during a three-year espionage campaign. According to cybersecurity firm Recorded Future, RedHotel has been infiltrating sectors such as academia, aerospace, government, media, telecoms, and research while operating across the US, Europe, and Asia.

Since at least 2019, RedHotel has exemplified a relentless scope and scale of wider state-sponsored cyber-espionage activity by maintaining a high operational tempo and targeting public and private sector organizations globally. The China-backed group often uses unique bespoke malware. Another aspect of RedHotel’s modus operandi is the use of a multi-tiered infrastructure, each focusing on initial reconnaissance and long-term network access via command-and-control servers, mainly using NameCheap for domain registration. Its campaigns also include innovations such as exploiting a stolen code signing certificate to take control of Vietnamese government infrastructure.

“RedHotel has a dual mission of intelligence gathering and economic espionage. It targets both government entities for traditional intelligence and organizations involved in COVID-19 research and technology R&D,” says Recorded Future.

The group is also observed to have been involved in wider Chinese state-sponsored cyber espionage. While the China-backed group is being tracked under the name RedHotel, it has previously been identified as Threat Activity Group-22 (or TAG-22), overlapping with Aquatic Panda, Bronze University, Charcoal Typhoon, Earth Lusca, and Red Scylla (or Red Dev 10).

Early last year, cybersecurity firm Trend Micro described the group as “a highly-skilled and dangerous threat actor mainly motivated by cyber espionage and financial gain.”

RedHotel’s tactics, techniques, and procedures (TTPs) are reported to be similar to those employed by other contractor groups linked to China’s Ministry of State Security (MSS), making it likely that the group’s main operations are located in the city of Chengdu. With a population of 21 million, it is the fourth-largest urban conurbation in China and is well-known as a center for hacking operations. This places the group well outside any possible jurisdiction from the US or Europe, meaning that the RedHotel hackers can currently carry on spying with impunity.

Aside from the security implications, there is a growing threat to the West’s long-standing technological lead over China. Industrial espionage, of the kind routinely carried out by the RedHotel group, enables China to benefit from the billions of dollars in research and development invested by Western corporations and countries. China’s theft of highly valuable intellectual property already includes technology involving military hardware in addition to commercial technology such as the design and manufacture of gas and steam turbines.

TAGGED: academia, aerospace, chengdu, china, cyber espionage, government, hackers, malware, media, recorded future, redhotel group, telecoms, trend micro
John Wilkes September 8, 2023 September 1, 2023
Share This Article
Twitter LinkedIn Email Copy Link Print
Previous Article The Daily Decrypt - One Minute Roundup New Android malware, MMRat, can unlock phones – August 31st
Next Article Growing diversity in cyber, but still a long way to go
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Editor's Pick

You Might Also Like

CryptocurrencyNewsNorth Korea

Bogus IT workers are defrauding US businesses

The US government has seized over $7.74 million in illegal funds, allegedly siphoned off by illegitimate North Korean Information Technology (IT) workers for the benefit of the North Korean government. The US Department of Justice (DOJ) has filed a civil forfeiture complaint alleging that the IT workers secured employment in the US illegally, racking up millions of dollars in cryptocurrency and bypassing US sanctions placed against North Korea. According to the US Federal Bureau of Investigation (FBI), the use of North Korean IT workers to defraud the US is now taking place on a massive scale.

June 13, 2025
NewsOne Minute RoundupOne Minute Roundup

UK backs AI and intelligence modernization – June 12th

The UK government has announced its plans to invest in digital and artificial intelligence (AI) in public services, including the NHS, aiming to build strong technology foundations and tackle urgent cybersecurity risks.

June 12, 2025
NewsOne Minute RoundupOne Minute Roundup

Cyera secures $540 million in funding – June 11th

Cybersecurity firm Cyera has raised $540 million in a Series E funding round, bringing its total to over $1.3 billion. Cyera’s valuation has surged to $6 billion in six months, reporting a 353 percent year-over-year growth. 

June 11, 2025
One Minute RoundupOne Minute Roundup

Honeywell kicks off AI tools to accelerate industrial autonomy – June 10th

Honeywell has debuted a series of AI-powered tools that intend to boost industrial autonomy, introducing a suite of AI cybersecurity solutions designed to ramp up Operation Technology defenses against the ever-evolving cyberthreat landscape.

June 10, 2025

Cyber Intelligence

We provide in-depth analysis, breaking news, and interviews with some of the leading minds in cybersecurity and distill critical insights that matter to our readers. Daily.

Linkedin

Category

  • Cybercrime
  • News

Quick Links

  • News
    • Aerospace
    • Apple
    • Arrest
    • Automotive
    • Big Tech
    • Breaking News
    • Business Email Compromise
    • China
    • Chip Technology
    • Cryptocurrency
    • Cyber Budget
    • Cyber Espionage
    • Cyber M&A
    • cybercrime
    • Data Leak
    • deepfake
    • Energy Sector
    • Ethiopia
    • Finance
    • France
    • Geopolitics
    • Government
    • Hacktivism
    • Healthcare
    • Human Error
    • Investment Scam
    • Iran
    • Israel Conflict
    • Malicious Bots
    • Malware
    • North Korea
    • Norton
    • One Minute Roundup
    • ransomware
    • SEC
    • SMB
    • Social Media
    • Sri Lanka
    • Taiwan
    • VPN
    • Wire Fraud
    • Workforce Cyber
  • Analysis
  • Expert Opinions
  • Resources
    • Conferences
    • Glossary of terms
    • Awards
    • Ecosystem map

© 2023 Cyberintel.media

Welcome Back!

Sign in to your account

Lost your password?