Cyber espionage by Chinese hackers in neighbouring nations is on the rise (Security News, June 2021)

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus.
In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "RedFoxtrot" and People's Liberation Army Unit 69010, operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country.
RedFoxtrot is noted to target government, defense, and telecommunications sectors across Central Asia, India, and Pakistan, with intrusions in the last six months directed against three Indian aerospace and defense contractors as well as major telecommunications providers and government agencies in Afghanistan, India, Kazakhstan, and Pakistan.
Attacks staged by the adversary involved an assortment of open- and closed-source tools that have been shared across Chinese cyber espionage groups, including PlugX, Royal Road RTF weaponizer, QUICKHEAL, PCShare, IceFog, and Poison Ivy RAT. Also observed is the use of AXIOMATICASYMPTOTE infrastructure, which encompasses a modular Windows backdoor called ShadowPad that has been previously attributed to APT41 and subsequently shared between other Chinese state-backed actors.
Domains registered by RedFoxtrot - "Inbsnl.ddns[.]info" and "Adtl.mywire[.]org" - suggest that the threat actor may have set its sights on Indian telecom service provider Bharat Sanchar Nigam Limited and a Bengaluru-based company called Alpha Design Technologies Limited that specializes in research and development of missile, radar, and satellite systems.
The development comes more than three months after another China-linked threat group, dubbed RedEcho, was uncovered targeting India's power grid, including a power plant run by National Thermal Power Corporation Limited and New Delhi-based Power System Operation Corporation Limited.