Summary: The China-nexus RedDelta threat actor has targeted multiple Southeast Asian countries to deploy a customized version of the PlugX backdoor, utilizing various social engineering tactics. Their activities, which include sophisticated infection chains and the use of legitimate services for command-and-control, reflect a strategic focus on government entities in the region.
Threat Actor: RedDelta
Victim: Southeast Asian governments
Key Points:
- RedDelta has been active since at least 2012, targeting governments and diplomatic organizations in Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia.
- The group relies on spear-phishing lures and DLL side-loading to deliver the PlugX backdoor.
- Recent campaigns have used Visual Studio Code tunnels and Cloudflare's CDN to front command-and-control traffic so that it blends in with legitimate services.
- RedDelta’s targeting aligns with Chinese strategic priorities, focusing on entities perceived as threats to the Chinese Communist Party.
- Notable compromises include the Mongolian Ministry of Defense and the Communist Party of Vietnam.
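The abuse of Visual Studio Code tunnels described above is detectable on the endpoint: a `code tunnel` invocation and DNS resolution of Microsoft's tunnel relay domains are both uncommon on a government workstation. The following is an added detection example written for this summary, not code from the article or from Recorded Future. The two domains are Microsoft's documented tunnel endpoints; the event field names, install paths treated as "standard", and the sample telemetry are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Microsoft's documented VS Code tunnel relay/API domains. Everything else in this
# block (field names, sample events) is constructed for illustration.
TUNNEL_DOMAINS = ("devtunnels.ms", "tunnels.api.visualstudio.com")
TUNNEL_CMD = re.compile(r"\bcode(?:\.exe)?[\"']?\s+tunnel\b", re.IGNORECASE)
# Assumed "normal" install locations; a copy of code.exe elsewhere is suspicious.
STANDARD_INSTALL = re.compile(
    r"^c:\\(?:program files\\microsoft vs code"
    r"|users\\[^\\]+\\appdata\\local\\programs\\microsoft vs code)\\code\.exe$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    host: str
    severity: str
    reason: str
    evidence: str


def check_process(ev: dict) -> Optional[Finding]:
    """Flag `code tunnel` invocations. A binary outside the normal VS Code
    install paths (a dropped or renamed copy) is rated higher."""
    if not TUNNEL_CMD.search(ev["cmdline"]):
        return None
    if STANDARD_INSTALL.match(ev["image"]):
        return Finding(ev["host"], "medium",
                       "VS Code tunnel started from standard install", ev["cmdline"])
    return Finding(ev["host"], "high",
                   "VS Code tunnel started from non-standard path", ev["image"])


def check_dns(ev: dict) -> Optional[Finding]:
    """Flag resolution of the tunnel relay/API domains (exact or subdomain match only)."""
    q = ev["query"].lower().rstrip(".")
    if any(q == d or q.endswith("." + d) for d in TUNNEL_DOMAINS):
        return Finding(ev["host"], "medium",
                       "DNS query to VS Code tunnel infrastructure", q)
    return None


def triage(events: Iterable[dict]) -> List[Finding]:
    """Run the appropriate check over each telemetry event and collect findings."""
    findings: List[Finding] = []
    for ev in events:
        f = check_process(ev) if ev["type"] == "process" else check_dns(ev)
        if f:
            findings.append(f)
    return findings


# Constructed sample telemetry (not real logs): one benign VS Code launch, one
# tunnel from a dropped binary, one relay lookup, one unrelated lookup, and one
# tunnel from a legitimate install.
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS01",
     "image": r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "cmdline": r'"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe" --new-window'},
    {"type": "process", "host": "SRV02",
     "image": r"C:\ProgramData\update\code.exe",
     "cmdline": r"code.exe tunnel --accept-server-license-terms --name svc"},
    {"type": "dns", "host": "SRV02", "query": "abcd1234.euw.devtunnels.ms"},
    {"type": "dns", "host": "WS01", "query": "update.googleapis.com"},
    {"type": "process", "host": "DEV03",
     "image": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "cmdline": r'"C:\Program Files\Microsoft VS Code\Code.exe" tunnel --name laptop'},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.host}: {f.reason} ({f.evidence})")
```

The severity split matters in practice: developers do start tunnels legitimately from a normal install, so that case is worth a look rather than an alert, whereas `code.exe tunnel` running from ProgramData or a temp directory, or tunnel-domain lookups from a host with no VS Code installed, should be escalated.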
Source: https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html