
RedFoxtrot, a Cyber-attacking Group Linked to Chinese Military, has targeted India

by CISOCONNECT Bureau

RedFoxtrot has been active since 2014, primarily targeting aerospace and defence, government, telecommunications, mining, and research organizations in India among other countries.

Afghanistan, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan are the other nations, all of which fall under the operational remit of PLA Unit 69010.

On Thursday, Recorded Future, the world’s largest provider of enterprise security intelligence, disclosed cyber espionage activity that its threat research arm, Insikt Group, ascribes to a suspected Chinese state-sponsored threat activity group known as RedFoxtrot.

The Chinese military intelligence organisation, the People’s Liberation Army (PLA) Unit 69010 of the Strategic Support Force (SSF), has been linked to RedFoxtrot’s activities, according to Insikt Group, providing a rare peek into SSF operations since the PLA’s reform in 2015.

Intrusions targeting sectors across surrounding Asian countries were detected by Recorded Future’s large-scale, automated network traffic analytics and expert analysis.

RedFoxtrot has been active since 2014, primarily targeting aerospace and defence, government, telecommunications, mining, and research organisations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan, aligning with PLA Unit 69010’s operational remit.

RedFoxtrot employs both customised and publicly available malware families often utilised by Chinese cyber espionage groups.

Threat groups tracked by other security vendors, such as Temp.Trident and Nomad Panda, overlap with RedFoxtrot’s activity.

Based on discovered links to a specific PLA unit and the use of shared custom capabilities considered unique to Chinese cyber espionage groups, it is highly likely that RedFoxtrot is a Chinese state-sponsored threat activity group.

Christopher Ahlberg, CEO and Co-Founder, Recorded Future, said, “The recent activity of the People’s Liberation Army has largely been a black box for the intelligence community. Being able to provide this rare end-to-end glimpse into PLA activity and Chinese military tactics and motivations provides invaluable insight into the global threat landscape. The persistent and pervasive monitoring and collection of intelligence is crucial in order to disrupt adversaries and inform an organization or government’s security posture.”
