Recorded Future has newly put forth that a Chinese threat actor, dubbed RedFoxtrot, has been targeting Indian telecom organizations, including BSNL, and other sectors like aerospace and defense providers.
Cybersecurity organization Recorded Future specializes in the collection, processing, analysis, and dissemination of threat intelligence.
If security threat research from Recorded Future’s Insikt Group is to be believed, RedFoxtrot is a suspected Chinese state-sponsored cyber threat gang that has targeted numerous officials i.e government and non-government organizations in the Central and South Asian areas in cyber espionage campaigns.
It was also provided that other than BSNL, another organization, named Alpha Design Technologies was also among the targeted organizations that provide technological services to India’s defense and paramilitary divisions.
Insikt Group said it found specific links between RedFoxtrot’s activities and the People’s Liberation Army (PLA) Unit 69010, China’s military-intelligence apparatus within the Strategic Support Force (SSF). This offered a glimpse into the SSF’s operations since the PLA was restructured in 2015.
RedFoxtrot has been observed to be conducting their mal-operations since 2014, attacking and targeting government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan.
Increased cyber activity on Indian sectors by Chinese threat actors:
The year 2020 saw border tensions between India and China which led to an active targeting of Indian defense contractors by Chinese threat actors.
Back in March 2021, Recorded Future had also put forth a controversial report stating that Chinese group RedEcho actively attacked 10 Indian power sector organizations, including state-run NTPC and Power System Operation Corporation Ltd., two ports, oil and gas assets, and the Indian Railways.
Recorded Future has warned that RedFoxtrot has been supported via significant investments in operations infrastructure and makes use of both, freely-available and custom-made malware.
“The recent activity of the People’s Liberation Army has largely been a black box for the intelligence community. Being able to provide this rare end-to-end glimpse into PLA activity and Chinese military tactics and motivations provides invaluable insight into the global threat landscape. The persistent and pervasive monitoring and collection of intelligence is crucial in order to disrupt adversaries and inform an organization or government’s security posture,” said Christopher Ahlberg, chief executive officer and co-founder of Recorded Future.