China-linked RedNovember Campaign Shows Importance of Patching Edge Devices

A Chinese state-sponsored cyber-espionage group, RedNovember, has been actively targeting unpatched internet-facing devices at organizations worldwide, a campaign that underscores the importance of timely patching. The group employs tools like Pantegana, SparkRAT, and Cobalt Strike to exploit vulnerabilities in devices such as SonicWall, Cisco ASA, and Palo Alto GlobalProtect, often following the disclosure of exploits.

Key points

  • RedNovember has targeted government, defense, aerospace, and law organizations globally from June 2024 to July 2025.
  • The group primarily exploits vulnerabilities in internet-facing devices like VPNs, firewalls, and email servers.
  • Tools such as Pantegana, SparkRAT, and Cobalt Strike are used for initial access and post-exploitation activities.
  • Targeted vulnerabilities include CVE-2022-30190, CVE-2024-3400, and CVE-2024-24919, often following exploit disclosures.
  • Major targets are in the U.S., Taiwan, South Korea, and Panama, with specific emphasis on edge device vulnerabilities.

Read More: https://thecyberexpress.com/china-rednovember-unpatched-edge-devices/