When using an online casino, someone may be spying on your gaming activities.
A recent study found that governments, telecommunications companies and even online gambling operators in at least 17 countries have fallen victim to cyberattacks.These were allegedly carried out by hackers affiliated with China's Ministry of State Security, a purported private intelligence agency, since 2021.
A team at Insikt Group, the threat research arm of global threat analysis firm Recorded Future, has been analyzing RedHotel, a sophisticated cyber-espionage organization allegedly backed by China.The group is notorious for orchestrating a number of sophisticated malware attacks and espionage campaigns targeting various countries in Southeast Asia and Asia.
Recorded Future has discovered an extensive network that includes Afghanistan, Bangladesh, Cambodia, Hong Kong, India, Malaysia, Palestine, the Philippines, Thailand, Taiwan, the United States and Vietnam.
While the hackers mostly targeted important political groups, they also appear to have put online gambling platforms on the same level.
A global threat no one notices
John Kondra, who heads Recorded Future's Strategic and Persistent Threats team and co-authored the report, highlighted RedHotel's key role as an ardent supporter of the Chinese nation. RedHotel's support extends to multiple organizations around the world and across a wide range of industries.Microsoft and Secureworks are also tracking the group.
The alleged victims include Hong Kong pro-democracy organizations, Taiwanese research institutes, religious minorities and even online game companies.Kondra points out that RedHotel hacked an unidentified US state government in 2022 and regularly conducts “intelligence gathering alongside economic espionage.”
He added that the group likely operates in Chengdu, China, and is just one of several groups supported by the Chinese government.All these efforts have helped strengthen China's military strength and strengthen its economic dominance.
Southeast Asian governments face considerable danger from this group.However, RedHotel is said to be turning its attention to areas as diverse as education, aviation, media, communications and research and development.
Researchers say the group's main purpose is information gathering and financial espionage.It also noted that several other organizations have been investigating the group's cyberattacks since 2019.
In addition to trying to access legislative bodies in the United States, the group has previously focused on bodies conducting scientific research on COVID-19.Kondra called RedHotel "one of the most active (and) prolific Chinese state-backed groups (tracked by Recorded Future), targeting organizations across a wide range of industries globally." there is
Activities of RedHotel
Recorded Future claims Chengdu has emerged as a central node for China's Advanced Persistent Threat (APT) activity.The group is said to have prominent ties to Chinese businessmen and local universities to help further their cause.
歴史的な前例から、RedHotelはこの活動を平然と続けると予想され、同グループは業界の公的な報告に直面して、定期的に高い運用リスク選好度を示している」とInsikt Groupは警告している。Chinese hackers commonly use a variety of malware in their attacks, including well-known types of software already identified by cybersecurity experts.They may also use custom malware that is difficult to track.
RedHotel first tries to identify vulnerable targets. For years, RedHotel was able to use malware that tricked Windows systems into thinking it was a legitimate Microsoft troubleshooting product, according to Recorded Future.
Once gaining access, the malware will start fetching data and sending it to the group.This software stays on your system and keeps deleting information as much as possible.
Reports this week suggest that government infrastructure may already be at risk.The New York Times reported that Chinese malware was found on "critical" military systems.The Washington Post added that China is encroaching on the "highest levels" of the Japanese government.
Comment