Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers (Security News, August 2022)
A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations.
The adversary's consistent targeting of think tanks and humanitarian organizations over the past three years is in line with the strategic interests of the Chinese government, the researchers' report added.
The group registers lookalike domains that impersonate the targeted organizations as well as legitimate email and storage providers such as Yahoo!, Google, and Microsoft, and uses them to harvest credentials from those organizations and from individuals and partner organizations closely associated with them.
Attack chains begin with phishing emails carrying PDF attachments; links embedded in the PDFs redirect recipients to rogue landing pages that mirror the targeted organizations' email login portals.
The domains used in the credential-phishing activity have been found hosting generic login pages for popular email providers such as Outlook, as well as clones of other webmail software, such as Zimbra, that the specific target organizations use.
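The lookalike-domain pattern described above (typosquats, homoglyphs, a brand name embedded in a longer label, or a brand placed in the subdomain of an unrelated registrable domain) is something a defender can triage mechanically from mail-log sender domains or certificate-transparency feeds. The script below is an added example written for this page; it is not code from the researchers or the article. The protected brand list, the candidate domains and the homoglyph table are all constructed for illustration, and the code assumes single-label public suffixes (so `example.com`, not `example.co.uk`).

```python
"""Lookalike-domain triage for the credential-phishing pattern described above.

Added example, not code from the researchers or the article. Every domain
below is constructed for illustration; none is a real indicator.
"""
from dataclasses import dataclass

# Visually confusable substitutions seen in lookalike registrations (constructed
# table; multi-character sequences are applied before single characters).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Brand label -> legitimate domains that must never be flagged (constructed).
# "thinktank" stands in for a victim organisation's own webmail host.
PROTECTED = {
    "outlook": {"outlook.com", "outlook.office.com"},
    "google": {"google.com"},
    "yahoo": {"yahoo.com"},
    "thinktank": {"mail.thinktank.example"},
}

# Constructed sample input, e.g. sender domains pulled from a mail log.
CANDIDATES = [
    "outlook.com",                     # legitimate, must be ignored
    "login.outlook.office.com",        # subdomain of a legitimate host, ignored
    "out1ook.test",                    # digit-for-letter homoglyph
    "outlok.test",                     # one-edit typosquat
    "outlook-login.test",              # brand embedded in a longer label
    "outlook.com.secure-verify.test",  # brand pushed into the subdomain
    "mail-thinktank.test",             # mimics the victim's webmail host
    "weather.test",                    # unrelated
]


def normalize(label: str) -> str:
    """Collapse common homoglyphs so 'out1ook' compares as 'outlook'."""
    label = label.lower()
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label; assumes a single-label public suffix."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


@dataclass
class Hit:
    domain: str
    brand: str
    reason: str


def triage(candidates, protected=PROTECTED):
    """Return one Hit per (domain, brand) pair that looks like an impersonation."""
    legit = {d for domains in protected.values() for d in domains}
    hits = []
    for domain in candidates:
        d = domain.lower().strip(".")
        if any(d == l or d.endswith("." + l) for l in legit):
            continue  # the real thing, or a host under it
        labels = d.split(".")
        label = registrable_label(d)
        norm = normalize(label)
        for brand in protected:
            reason = None
            if norm == brand and label != brand:
                reason = "homoglyph substitution"
            elif label == brand:
                reason = "brand label under unexpected TLD"
            elif levenshtein(norm, brand) == 1:
                reason = "one-edit typosquat"
            elif brand in norm:
                reason = "brand embedded in label"
            elif any(brand in normalize(l) for l in labels[:-2]):
                reason = "brand in subdomain of unrelated domain"
            if reason:
                hits.append(Hit(domain, brand, reason))
    return hits


if __name__ == "__main__":
    for h in triage(CANDIDATES):
        print(f"{h.domain:34} -> {h.brand:10} {h.reason}")
```

The order of the checks matters: the exact-match and subdomain-of-legitimate test runs first so that the organisation's own hosts never appear in the output, and the subdomain rule runs last because a brand name in a subdomain label is the weakest signal of the set. In production the single-label suffix assumption should be replaced with a public-suffix list lookup, and the hit list fed to whatever takedown or mail-filtering workflow the organisation already uses.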
"[...] coupled with the identification of likely China-based operators, indicates a likely Chinese state-nexus to RedAlpha activity," the researchers said.
News URL
https://thehackernews.com/2022/08/researchers-link-multi-year-mass.html