A Chinese cyberespionage group named RedNovember has infiltrated various organizations across the globe, targeting government, defense, and industry sectors using sophisticated attack tools. The group continues to exploit vulnerabilities in edge devices and remote access portals, maintaining long-term access in some cases.
Key points
- RedNovember is a Chinese cyberespionage group targeting organizations worldwide from July 2024 to July 2025.
- The group used edge device vulnerabilities and Outlook Web Access portals for initial access.
- Tools like Pantegana, Cobalt Strike, and SparkRAT are utilized for command-and-control and reconnaissance activities.
- RedNovember targeted various sectors including government, defense, aerospace, media, and financial institutions.
- The group is expected to continue exploiting new vulnerabilities in edge devices and remote access systems.
Read More: https://www.securityweek.com/chinese-cyberspies-hacked-us-defense-contractors/