RedAlpha's Espionage Activity
Recorded Future has shared research on RedAlpha, a Chinese-aligned threat group that is also likely made up of private contractors utilized by the Chinese government. The group's activity primarily focuses on cyber-espionage and credential theft. Its goal in campaigns is to obtain access to targets' email accounts and any additional online communications. RedAlpha's latest activity has involved targeting humanitarian, think tank, and government organizations. Observations over the past three years show RedAlpha weaponizing domains to spoof organizations in the targeted verticals, often mimicking their login portals and those of popular email providers. "Outside of generic spoofing of major email and storage service providers like Yahoo (135 typosquat domains), Google (91 typosquat domains), and Microsoft (70 typosquat domains), we observed the use of large numbers of domains typosquatting humanitarian, think tanks, and government organizations." There is a particular focus on organizations in Taiwan, most likely to obtain political intelligence. "More generally, Chinese state sponsored groups continue to aggressively target dissident and minority groups and individuals, both domestically through state surveillance and internationally through cyber-enabled intrusion activity." There is concern that RedAlpha is targeting underfunded, vulnerable communities with resource constraints.
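As an added example, not part of Recorded Future's research or this summary: a small Python typosquat screener of the kind a defender could run over newly observed domains (from passive DNS or certificate transparency feeds) to flag look-alikes of protected names before they are used against staff. The watchlist, allowlist, homoglyph table, distance thresholds and sample domains are constructed assumptions; the brand names Yahoo, Google and Microsoft are the providers named on the page, and `examplengo` stands in for a humanitarian organization's own name. It treats the last two labels as the registrable domain, which is a simplification (multi-label public suffixes such as co.uk would need a public-suffix list).

```python
"""Flag candidate typosquat domains against a watchlist of protected names.

Added example, not code from the Recorded Future report. Every list and
threshold below is a constructed assumption for illustration.
"""
from __future__ import annotations

import re

# Labels a defender wants to protect (constructed; examplengo is a placeholder).
PROTECTED_LABELS = ["yahoo", "google", "microsoft", "examplengo"]

# Registrable domains that legitimately carry those labels (constructed).
ALLOWLIST = {"yahoo.com", "google.com", "microsoft.com", "examplengo.org"}

# Common look-alike substitutions, mapped back to the letter they imitate.
# Heuristic: "rn" -> "m" also rewrites words like "modern", so treat matches
# that rely on it as leads to review, not verdicts.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) via a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_label(label: str) -> str:
    """Lowercase, undo homoglyph substitutions, drop separators."""
    s = label.lower()
    for glyph, letter in HOMOGLYPHS.items():
        s = s.replace(glyph, letter)
    return re.sub(r"[-_.]", "", s)


def registrable_domain(domain: str) -> str:
    """Last two labels, e.g. 'yah00-mail.com' for 'login.yah00-mail.com'.

    Simplification: assumes a single-label public suffix.
    """
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify(domain: str, protected: list[str], allowlist: set[str]):
    """Return (protected_label, reason) if the domain looks like a squat, else None."""
    reg = registrable_domain(domain)
    if reg in allowlist:
        return None
    raw = reg.split(".")[0]
    norm = normalize_label(raw)
    for label in protected:
        if norm == label:
            # Same name after normalization: either look-alike characters were
            # used, or the real label sits on a TLD the organization does not own.
            return (label, "homoglyph" if raw != label else "different-tld")
        if label in norm:
            # Brand embedded in a longer label, e.g. "microsoft-secure".
            return (label, "embeds")
        # Short labels tolerate one edit, longer ones two, to limit false positives.
        threshold = 1 if len(label) <= 6 else 2
        dist = levenshtein(norm, label)
        if dist <= threshold:
            return (label, f"distance-{dist}")
    return None


def flag_typosquats(domains, protected=PROTECTED_LABELS, allowlist=ALLOWLIST):
    """Screen a list of observed domains; returns [(domain, label, reason), ...]."""
    findings = []
    for d in domains:
        hit = classify(d, protected, allowlist)
        if hit:
            findings.append((d, hit[0], hit[1]))
    return findings


# Constructed sample of "newly observed" domains, mixing benign and suspicious.
SAMPLE_DOMAINS = [
    "yahoo.com",              # legitimate, allowlisted
    "login.yah00-mail.com",   # digit-for-letter plus embedded brand
    "googIe.com",             # capital I standing in for l
    "rnicrosoft.com",         # rn imitating m
    "gogle.org",              # one missing letter
    "yahoo.net",              # real label on an unowned TLD
    "recordedfuture.com",     # unrelated, should not be flagged
    "goods.com",              # close-ish to google but outside the threshold
]

if __name__ == "__main__":
    for domain, label, reason in flag_typosquats(SAMPLE_DOMAINS):
        print(f"{domain:28} -> looks like {label!r} ({reason})")
```

Findings from a screener like this are leads for blocking at the mail gateway or DNS resolver and for checking whether staff have already been sent links to the domain; the distance threshold and homoglyph table should be tuned against the organization's own naming before it is trusted in an alerting pipeline.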