The China-nexus RedDelta threat actor targeted Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with a customized version of the PlugX backdoor between July 2023 and December 2024.
“The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an Association of Southeast Asian Nations (ASEAN) meeting,” Recorded Future’s Insikt Group said in a new analysis.
“RedDelta’s activities align with Chinese strategic priorities, focusing on governments and diplomatic organizations in Southeast Asia, Mongolia, and Europe,” the company said.
“The group’s Asia-focused targeting in 2023 and 2024 represents a return to the group’s historical focus after targeting European organizations in 2022. RedDelta’s targeting of Mongolia and Taiwan is consistent with the group’s past targeting of groups seen as threats to the Chinese Communist Party’s power.”
The development comes amid a report from Bloomberg that the recent cyber attack targeting the U.S. Treasury Department was perpetrated by a fellow hacking group known as Silk Typhoon (aka Hafnium), to which the zero-day exploitation of four security flaws in Microsoft Exchange Server (aka ProxyLogon) in early 2021 was previously attributed.