Recorded Future researchers have “high” confidence that RedAlpha is sponsored by the Chinese government because all of its targets “fall within [its] strategic interests,” says Jon Condra, director of the company’s strategic threats team.
Perhaps unsurprisingly, the hacking group has over the past few years been particularly interested in organizations in Taiwan, including the Democratic Progressive Party and the American Institute in Taiwan, which is the de facto United States embassy in the small island democracy. The government in Beijing claims Taiwan as part of Chinese territory.
RedAlpha has been active since at least 2015, though it wasn’t publicly identified until 2018, in a report by Citizen Lab. It has consistently targeted groups that the Chinese Communist Party calls the “five poisons”: Tibetans, Uyghurs, Taiwanese, democracy activists, and the Falun Gong. All of these include domestic dissidents who, for various reasons, criticize and challenge the Communist Party’s grip on China. They also share international visibility and support.
Citizen Lab’s work first uncovered RedAlpha’s campaign against the Tibetan community, government agencies, and a media organization. In the years since, Recorded Future has identified additional cyber campaigns against Tibetans, and last year a report from PricewaterhouseCoopers indicated that the group is expanding its focus to include individuals, vulnerable ethnic groups, civil society organizations, and a growing number of government agencies.
What’s particularly interesting about these new findings is that RedAlpha is still operating with the same simple and inexpensive playbook that it used years ago. In fact, this latest slate of espionage was linked to earlier campaigns because the group reused many of the same domains, IP addresses, techniques, malware, and even domain registration information that has been publicly identified by cybersecurity experts for years.