India’s NIC among victims, China-backed hackers spying on governments

New Delhi: A hacking group allegedly backed by the Chinese government is attacking governments, NGOs, news publications and think tanks globally, including India’s National Informatics Center (NIC), sending them emails that, once opened, were used to steal their login credentials. The group, known as ‘RedAlpha’, has repeatedly spoofed login pages for NIC, which manages the extensive IT infrastructure and services for the Indian government. The hacking group had weaponized at least 350 domains last year alone.

The China-sponsored hacking group impersonated organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA) and the American Institute in Taiwan (AIT), as well as other governments, think tanks and humanitarian organizations worldwide that “fall under the strategic interests of the Chinese government”.

According to a report by cybersecurity firm Recorded Future, the group is engaged in direct targeting of ethnic and religious minorities, including individuals and organizations within the Tibetan and Uyghur communities. “In recent years RedAlpha has shown a particular interest in spoofing political, government and think-tank organizations in Taiwan, possibly in an effort to gather political intelligence,” the report said.

The China-based hacking group targeted individuals through emails containing basic PDF files with links to phishing sites, usually claiming that the user needed to click on the link to preview or download the files. Over the past three years, RedAlpha continued to conduct credential-phishing activity, using large clusters of operational infrastructure to support the campaigns.

“In late 2019 and early 2020, the group probably moved away from the older infrastructure TTP displayed in public reporting, such as registering domains through GoDaddy and hosting on the Choopa (Vultr) and Forewin telecom infrastructure,” the report revealed. The researchers observed that RedAlpha consistently registers domains that spoof Taiwanese or Taiwan-based government, think-tank and political organizations.

“In particular, this includes the registration of several domains that mimic the American Institute in Taiwan (AIT), which is the de facto embassy of the United States in Taiwan, during a period of escalating US-China tensions over Taiwan in the past year,” the report said. RedAlpha’s activity has expanded over the years to include credential-phishing campaigns that spoofed ministries of foreign affairs in several countries. A spokesman for the Chinese government told MIT Technology Review that the country opposes all cyber attacks and will “never encourage, support or collude” to carry out such activity.
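The article describes two things a defender can act on: phishing links pointing at fake login pages, and newly registered domains that mimic organizations such as NIC and AIT. The script below is an added example, not code from the article or from Recorded Future, showing how a security team could screen a feed of newly seen domains for lookalikes of the organizations named here. The legitimate domains in `LEGITIMATE` are assumptions (not taken from the article), and every candidate domain in `SAMPLE_DOMAINS` is constructed for the demonstration using the reserved `.example` top-level domain.

```python
import re

# Assumed legitimate domains for organizations named in the article.
# These are assumptions for the example, not values from the article.
LEGITIMATE = {
    "nic": "nic.in",          # National Informatics Centre (assumed)
    "ait": "ait.org.tw",      # American Institute in Taiwan (assumed)
    "amnesty": "amnesty.org", # Amnesty International (assumed)
}

# Digit-for-letter substitutions commonly seen in lookalike registrations.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Constructed sample feed of newly observed domains (all made up; .example is reserved).
SAMPLE_DOMAINS = [
    "nic.in",                    # the real domain itself
    "mail.nic.in",               # a subdomain of the real domain
    "mail-nic-in.example",       # brand name and TLD folded into one label
    "login.ait.org.tw.example",  # real hostname used as a subdomain of an attacker domain
    "amne5ty-login.example",     # digit homoglyph for 's'
    "amnnesty.example",          # one-character typo of the brand
    "unrelated-news.example",    # benign
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_legitimate(domain: str) -> bool:
    """True if the domain is a known legitimate domain or a subdomain of one."""
    d = domain.lower().rstrip(".")
    return any(d == legit or d.endswith("." + legit) for legit in LEGITIMATE.values())


def tokens(domain: str) -> list:
    """Split every label except the TLD on dots, hyphens and underscores."""
    labels = domain.lower().rstrip(".").split(".")[:-1]
    out = []
    for label in labels:
        out.extend(t for t in re.split(r"[-_]", label) if t)
    return out


def classify(domain: str) -> tuple:
    """Return (verdict, reason) for one observed domain."""
    if is_legitimate(domain):
        return ("legitimate", "known legitimate domain or subdomain of one")
    for tok in tokens(domain):
        norm = tok.translate(HOMOGLYPHS)
        for brand in LEGITIMATE:
            if norm == brand:
                return ("suspicious", f"label '{tok}' matches protected brand '{brand}'")
            # Fuzzy matching only for longer brand names; short tokens like
            # 'nic' or 'ait' would produce too many false positives at distance 1.
            if len(brand) >= 5 and levenshtein(norm, brand) <= 1:
                return ("suspicious", f"label '{tok}' is one edit away from '{brand}'")
    return ("clean", "no protected brand token found")


def scan(domains: list) -> dict:
    """Classify a list of domains and return {domain: (verdict, reason)}."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for domain, (verdict, reason) in scan(SAMPLE_DOMAINS).items():
        print(f"{verdict:10s} {domain:28s} {reason}")
```

In practice the feed would come from certificate-transparency logs or passive DNS rather than a hard-coded list, and hits should be treated as leads for blocking and user notification rather than as proof of malice: a short brand token such as `ait` will also match unrelated words, so the thresholds need tuning per brand.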