RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta targeted Mongolia, Taiwan, and Southeast Asian countries with an adapted infection chain to distribute its customized PlugX backdoor. The group used themed lure documents and evolved its tactics, transitioning from Windows Shortcut files to Microsoft Management Console Snap-In Control files, and finally to HTML files hosted on Microsoft Azure. RedDelta consistently used Cloudflare CDN to proxy command-and-control traffic, blending with legitimate traffic. The group's activities align with Chinese strategic priorities, focusing on governments and diplomatic organizations in the targeted regions.
OPENCTI LABELS :
plugx,html,spearphishing,microsoft azure,cloudflare cdn,shortcut (lnk) file
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats