Chinese Group "RedFoxtrot Attacking Asian Countries Defense Networks jshop-prosu, cvv-shopru

The research team of the Insikt Group of the information security company Recorded Future has recently recognized a connection between the hacker group RedFoxtrot and the People’s Liberation Army of China.
But, in particular with the Unit 69010 unit operating from Urumqi, the administrative center of the Xinjiang Uygur Autonomous Region. 
Thinking about Unit 69010? It is the Military Unit Cover Designator of the Second Technical Reconnaissance Bureau (MUCD). A structure within the SSF (Strategic Support Force) under the China Network Systems Department.
A recent US report has revealed that the Chinese hackers of the RedFoxtrot group have been targeting Indian defense agencies, Aerospace networks, other companies in India, and many other organizations in several Asian countries for almost six months.
While the US cybersecurity firm, Recorded Future had also issued a similar report in March this year before the fire broke out in Beijing, and in that report, they specified the RedEcho. 
The report claims that the Chinese hacker group called ‘RedEcho’ targeted all the power departments of the country, including NTPC, India’s largest power company.
RedFoxtrot attacks are focused on the government, telecommunications, and defense sectors in Central Asia, India, and Pakistan.
In the past six months, the RedFoxtrot Group has attacked three Indian aerospace and defense entrepreneurs. And not only that even it has also as well as telecommunications companies and government agencies in Afghanistan, India, Kazakhstan, and Pakistan.
The malware used by the hacker of this group in their campaigns is linked to Chinese stat-sponsored hacking groups, and here is the list of malware used is mentioned below:-
The RedFoxtrot Group has been active since at least 2014, targeting government, security, and telecommunications sectors across Central Asia, India, and Pakistan in a manner consistent with the possible operational scope of Unit 69010.
The security researchers claimed that through the online activities of a surmised RedFoxtrot threat actor, the links between the RedFoxtrot’s operational infrastructure and PLA Unit 69010 was recognized by the Insikt Group.
Apart from this, the analysts at Insikt Group have managed to unveil the physical address of PLA Unit 69010 headquarters (No. 553, Wenquan East Road, Shuimogou District, Urumqi, Xinjiang).
And all this becomes possible due to the weak security measures that are exercised by the members of this unit’s Operational Security (OpSec).
Moreover, all the associated malware samples used by the hackers in their active interventions over the past 6 months, and a large batch of RedFoxtrot infrastructure has been detected by the Insikt Group by the Network Traffic Analysis (NTA) of Recorded Future.
Researchers have also reported the high-level trends in the group’s TTPs, and here they are mentioned below:-
While Christopher Ahlberg, the CEO and Co-Founder of Recorded Future affirmed:-
“The persistent and pervasive monitoring and collection of intelligence is crucial in order to disrupt adversaries and inform an organization or government’s security posture.”
jshop-prosu cvv-shopru

This entry was posted in Статьи. Bookmark the permalink.