Summary: A recent report by Insikt Group details the sophisticated cyber-espionage operations of the RedDelta APT group, which has been targeting political and governmental entities across multiple regions since mid-2023. Utilizing advanced techniques such as customized PlugX backdoor malware and evolving infection chains, RedDelta aligns its activities with Chinese geopolitical interests.
Threat Actor: RedDelta | RedDelta
Victim: Various political and governmental entities | political and governmental entities
Key Points:
- RedDelta has shifted from using Windows shortcut files to MSC files and HTML spear-phishing links for initiating infections.
- The group employs Cloudflare's CDN to disguise their command-and-control traffic, complicating detection efforts.
- Targets include Taiwan, Mongolia, and Vietnam, with phishing campaigns themed around local political events and national interests.
- The PlugX backdoor is loaded into memory via DLL search order hijacking, enhancing stealth during operations.
- Newer infection chains utilize the Nim programming language for crafting loaders, further complicating detection.
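The DLL search-order hijacking pattern noted above can be hunted for in image-load telemetry. The following is an added example, not code from the Insikt Group report: it assumes Sysmon Event ID 7-style fields (loading process, loaded DLL, signature status of each) and runs a simple sideloading heuristic over constructed sample events.

```python
"""Added example: flag the classic DLL search-order hijack shape in image-load
telemetry. Assumption: events carry Sysmon Event ID 7-like fields. All paths
and DLL names below are constructed samples, not indicators from the report."""
from dataclasses import dataclass
import ntpath  # Windows path handling regardless of the analysis host OS


@dataclass
class ImageLoad:
    image: str            # full path of the process that loaded the DLL
    image_loaded: str     # full path of the DLL that was loaded
    dll_signed: bool      # DLL carries a valid Authenticode signature
    process_signed: bool  # loading executable carries a valid signature


# Directories where a signed binary loading a sibling DLL is expected.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
    r"c:\program files (x86)",
)


def is_trusted_dir(path: str) -> bool:
    """True when the file sits inside (or directly under) a trusted directory."""
    directory = ntpath.dirname(path).lower()
    return any(directory == t or directory.startswith(t + "\\") for t in TRUSTED_DIRS)


def is_suspicious_sideload(ev: ImageLoad) -> bool:
    """Signed host process loading an unsigned DLL from its own directory,
    outside a trusted location: the shape a hijacked search order produces."""
    same_dir = ntpath.dirname(ev.image).lower() == ntpath.dirname(ev.image_loaded).lower()
    return ev.process_signed and not ev.dll_signed and same_dir and not is_trusted_dir(ev.image_loaded)


def find_sideloads(events):
    """Return the loaded-DLL paths of every event matching the heuristic."""
    return [ev.image_loaded for ev in events if is_suspicious_sideload(ev)]


# Constructed sample telemetry: one benign system load, one sideload candidate,
# and one unsigned-by-unsigned load that the heuristic deliberately ignores.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\rpcss.dll", True, True),
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\update\viewer.exe",
              r"C:\Users\alice\AppData\Local\Temp\update\plugin.dll", False, True),
    ImageLoad(r"C:\Users\alice\AppData\Local\Temp\tool.exe",
              r"C:\Users\alice\AppData\Local\Temp\helper.dll", False, False),
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("possible DLL sideload:", hit)
```

The heuristic is a triage filter, not a verdict: legitimate software installed under user-writable paths also loads sibling DLLs, so hits should be reviewed against the executable's expected module list.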