Research report links RedFoxtrot attack group to Chinese government
An American cyber company said its researchers have identified ties between an intelligence unit of the Chinese Army based in Xinjiang province and the malicious group that focuses on collection of military information from countries in Asia
Mandi Kogosowski
| 23/06/2021
Chinese President Xi Jinping earlier this year. Photo: REUTERS/Carlos Barria
American cyber defense company Recorded Future published last week an extensive report that indicates that a series of cyber espionage incidents that have been identified starting from 2014, which have focused on collection of military information from countries in Asia, are connected to the Chinese military intelligence apparatus. The company identified ties between a malicious cyber group called RedFoxtrot, which is suspected of having connections to the Chinese government, and an intelligence unit of the Chinese Army called Unit 69010 located in Urumqi, the capital of Xinjiang province.
"RedFoxtrot has been active since at least 2014 and predominantly targets government, defense, and telecommunications sectors across Central Asia, India, and Pakistan, aligning with the likely operational remit of Unit 69010," the researchers wrote.
"Within the past 6 months, (the company's research group) detected RedFoxtrot network intrusions targeting 3 Indian aerospace and defense contractors; major telecommunications providers in Afghanistan, India, Kazakhstan, and Pakistan; and multiple government agencies across the region," the report said.
The researchers added that it is likely that the attack group has extensive infrastructure and that it employs various types of malware commonly used by espionage groups attributed to China such as Temp.Trident and Nomad Panda.
An American cyber company said its researchers have identified ties between an intelligence unit of the Chinese Army based in Xinjiang province and the malicious group that focuses on collection of military information from countries in Asia
Chinese President Xi Jinping earlier this year. Photo: REUTERS/Carlos Barria
American cyber defense company Recorded Future published last week an extensive report that indicates that a series of cyber espionage incidents that have been identified starting from 2014, which have focused on collection of military information from countries in Asia, are connected to the Chinese military intelligence apparatus. The company identified ties between a malicious cyber group called RedFoxtrot, which is suspected of having connections to the Chinese government, and an intelligence unit of the Chinese Army called Unit 69010 located in Urumqi, the capital of Xinjiang province.
"RedFoxtrot has been active since at least 2014 and predominantly targets government, defense, and telecommunications sectors across Central Asia, India, and Pakistan, aligning with the likely operational remit of Unit 69010," the researchers wrote.
"Within the past 6 months, (the company's research group) detected RedFoxtrot network intrusions targeting 3 Indian aerospace and defense contractors; major telecommunications providers in Afghanistan, India, Kazakhstan, and Pakistan; and multiple government agencies across the region," the report said.
The researchers added that it is likely that the attack group has extensive infrastructure and that it employs various types of malware commonly used by espionage groups attributed to China such as Temp.Trident and Nomad Panda.
