Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers
Aug 17, 2022
A multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations has been attributed to a Chinese state-sponsored threat activity group named RedAlpha.

"In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new report.

A lesser-known threat actor, RedAlpha was first documented by Citizen Lab in January 2018 and has a history of conducting cyber espionage and surveillance operations directed against the Tibetan community, some in India, to facilitate intelligence collection through the deployment of the NjRAT backdoor.

"The campaigns [...] combine light reconnaissance, selective targeting, and diverse malicious tooling," Recorded Future noted at the time.

Since then, malicious activities undertaken by the group have involved weaponizing as many as 350 domains that spoof leg