
RedFoxtrot, which has been active since 2014, targets aerospace and defense, government, telecommunication, mining, and research organizations in India and other countries: Afghanistan, Kazakhstan, Pakistan, Kyrgyzstan, Tajikistan, and Uzbekistan.
On Thursday, Recorded Future, the world’s largest provider of intelligence for enterprise security, revealed cyber-espionage activity attributed to a suspected Chinese state-sponsored threat activity group, which its threat research arm, Insikt Group, has named RedFoxtrot.
Insikt Group identified specific ties between RedFoxtrot’s activity and the Chinese military intelligence apparatus, namely People’s Liberation Army (PLA) Unit 69010 within the Strategic Support Force (SSF), offering a rare glimpse into SSF operations since the PLA’s restructuring in 2015.
Recorded Future’s large-scale, automated network traffic analytics and expert analysis detected intrusions targeting areas across bordering Asian countries.
RedFoxtrot maintains a large amount of operational infrastructure and has employed both customized and publicly available malware families commonly used by Chinese cyberespionage groups. Its activity overlaps with threat groups that other security vendors track as Temp.Trident and Nomad Panda.