A recent study found evidence that various entities, including government bodies, telecommunications companies, and even online gambling operators in no fewer than 17 countries around the world, have been targeted since 2021 by cyberattacks allegedly carried out by hackers linked to China’s Ministry of State Security.
As part of the study, the advanced cyber-espionage organization RedHotel, which is allegedly backed by the Government of mainland China, has been monitored and analyzed by Insikt Group, a threat-research unit that operates as part of the global threat analysis agency Recorded Future. The Chinese hacker and online-espionage group is notorious for organizing a large number of sophisticated espionage missions and malware attacks targeting nations in the Asian and Southeast Asian regions.
According to Recorded Future's reports, there is a network of hackers spread across an extensive list of nations, including the US, India, Hong Kong, the Philippines, Cambodia, Taiwan, Vietnam, Thailand, Malaysia, Bangladesh, Palestine, and Afghanistan. The hacker group originally aimed at attacking significant political entities, but it seems that online gambling platforms also became targets of the attacks at some point.
Jon Condra, who is currently the leader of the Strategic and Persistent Threats team at Recorded Future, highlighted the significant role of RedHotel as a passionate advocate for China. He explained that the group’s support extends to a number of organizations on a global scale and various industry verticals, with SecureWorks and Microsoft also tracking the group.
Multiple Countries in Asia and Southeast Asia Among the Most Common Targets of Chinese Hacker Group
As revealed by Recorded Future, the alleged victims of the hacker group include some pro-democracy organizations in Hong Kong, religious minorities, Taiwan-based research institutions, and online gambling operators. Reportedly, the group also managed to hack into an unidentified US state government last year, and regularly conducts intelligence gathering along with some economic espionage.
The group, which is most likely operating out of the city of Chengdu, is one of the few groups supported by the Government of mainland China and aims at enhancing the country’s economic supremacy and military capabilities.
RedHotel is considered to pose a significant danger to the Governments of countries in Southeast Asia. The group, however, monitors not only governmental agencies but also a diverse range of domains, including education, communications, media, research, aviation, and development. Researchers from Recorded Future claim that the main objective of the Chinese Government-backed group is to collect information and engage in financial espionage.
As mentioned above, Recorded Future believes that the city of Chengdu has emerged as home to China’s advanced persistent threat endeavors. The hacker group allegedly has links to Chinese businessmen and local universities that provide funding to help it advance its efforts. Insikt Group has warned that RedHotel is expected to continue its activity largely undisturbed, especially considering that it has recently demonstrated a high operational risk appetite despite public industry reporting.
Experts have found that Chinese hackers usually employ a range of malware in their attacks, including software that has already been identified by specialists. Apart from that, such hacker groups also use custom malware that can sometimes be difficult to track.