Global Impact of China-Linked Cyber Attacks: 17 Nations Targeted Over Three Years
August 9, 2023
In a significant escalation of cyber threats, hackers affiliated with China’s Ministry of State Security (MSS) have been implicated in a comprehensive cyber campaign spanning 17 nations across Asia, Europe, and North America from 2021 to 2023. Cybersecurity firm Recorded Future has traced these activities to a state-sponsored group designated as RedHotel, formerly known as Threat Activity Group-22 (TAG-22). This group intersects with various monitored entities, including Aquatic Panda, Bronze University, Charcoal Typhoon, Earth Lusca, and Red Scylla (or Red Dev 10).
Since its emergence in 2019, RedHotel has concentrated its efforts on sectors that are critical to national and economic security. Notable targets include institutions within academia, aerospace, government, media, telecommunications, and research. A significant proportion of the affected entities over this three-year span have been government organizations, raising alarms about the implications for national security and public infrastructure.
Recorded Future highlighted that RedHotel operates with dual objectives: intelligence collection and economic espionage. The firm emphasized the group’s relentless pursuit, operational depth, and expansive geographical footprint. The attacks appear meticulously designed to exploit vulnerabilities in both public sector organizations and key industry players, underscoring the pressing need for advanced cybersecurity measures.
The methods employed by RedHotel align with several tactics and techniques outlined in the MITRE ATT&CK Matrix, which provides a framework for analyzing adversary behavior. Initial access may have been secured through phishing schemes or exploiting public-facing applications, allowing the intruders to gain entry into secure networks. Once inside, the attackers could have established persistence—ensuring their continued access—by deploying malware or compromising valid user credentials.
Privilege escalation is likely another element of their approach, enabling attackers to access higher-level functions within compromised systems. By leveraging these access rights, the intruders can exfiltrate sensitive information, conduct surveillance, and carry out further malicious activities with minimal detection risk.
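The two paragraphs above walk the intrusion in ATT&CK tactic order (initial access, persistence, privilege escalation, then exfiltration). One practical way for a defender to use that ordering is to correlate per-host detections into kill-chain stages and alert only when several stages appear in sequence, which cuts noise from isolated low-confidence signals. The following is an added example written for this article, not code from Recorded Future or from the article itself. The tactic IDs (TA0001, TA0003, TA0004, TA0010) and technique IDs (T1566, T1190, T1543, T1078, T1068, T1048) are real ATT&CK identifiers; the detection names, the `key=value` log format and the sample log lines are constructed for the example.

```python
"""Correlate host detections into ATT&CK kill-chain stages (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed mapping from an internal detection name to (tactic, technique).
# The detection names are hypothetical; the ATT&CK IDs on the right are real.
DETECTION_TO_ATTACK = {
    "phishing_attachment_opened":    ("TA0001", "T1566"),  # Initial Access / Phishing
    "webapp_exploit_signature":      ("TA0001", "T1190"),  # Initial Access / Exploit Public-Facing App
    "new_service_installed":         ("TA0003", "T1543"),  # Persistence / Create or Modify System Process
    "valid_account_anomalous_logon": ("TA0003", "T1078"),  # Persistence / Valid Accounts
    "privilege_escalation_exploit":  ("TA0004", "T1068"),  # Privilege Escalation / Exploitation
    "large_outbound_transfer":       ("TA0010", "T1048"),  # Exfiltration / Alternative Protocol
}

# The order in which the article describes the stages of the intrusion.
STAGE_ORDER = ["TA0001", "TA0003", "TA0004", "TA0010"]

# Constructed sample log: ISO-8601 timestamp followed by key=value fields.
SAMPLE_LOG = """\
2023-06-01T09:12:00Z host=ws-17 user=alice detection=phishing_attachment_opened
2023-06-01T09:40:00Z host=ws-17 user=alice detection=new_service_installed
2023-06-02T14:05:00Z host=ws-17 user=alice detection=privilege_escalation_exploit
2023-06-03T02:30:00Z host=ws-17 dst=198.51.100.7 detection=large_outbound_transfer
2023-06-01T11:00:00Z host=web-02 detection=webapp_exploit_signature
2023-06-01T11:02:00Z host=web-02 detection=valid_account_anomalous_logon
2023-06-01T08:00:00Z host=ws-23 detection=large_outbound_transfer
2023-06-01T08:30:00Z host=ws-23 detection=phishing_attachment_opened
malformed line without fields
""".splitlines()


@dataclass(frozen=True)
class Event:
    ts: str
    host: str
    tactic: str
    technique: str
    detection: str


def parse_line(line: str):
    """Parse one log line; return None for lines that cannot be mapped to ATT&CK."""
    parts = line.split()
    if len(parts) < 2:
        return None
    ts = parts[0]
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    det = fields.get("detection")
    if "host" not in fields or det not in DETECTION_TO_ATTACK:
        return None
    tactic, technique = DETECTION_TO_ATTACK[det]
    return Event(ts, fields["host"], tactic, technique, det)


def first_seen_by_host(lines):
    """Per host, the earliest (timestamp, technique) at which each tactic appeared."""
    seen = defaultdict(dict)
    for ev in filter(None, map(parse_line, lines)):
        current = seen[ev.host].get(ev.tactic)
        # ISO-8601 UTC timestamps sort correctly as strings.
        if current is None or ev.ts < current[0]:
            seen[ev.host][ev.tactic] = (ev.ts, ev.technique)
    return seen


def chained_hosts(lines, min_stages=3):
    """Hosts on which at least min_stages kill-chain stages were first seen in order.

    Returns {host: [(tactic, technique), ...]} for hosts that meet the threshold.
    """
    alerts = {}
    for host, stages in first_seen_by_host(lines).items():
        chain = [t for t in STAGE_ORDER if t in stages]
        times = [stages[t][0] for t in chain]
        # Require the stages to have been first observed in kill-chain order.
        if len(chain) >= min_stages and times == sorted(times):
            alerts[host] = [(t, stages[t][1]) for t in chain]
    return alerts


if __name__ == "__main__":
    for host, chain in chained_hosts(SAMPLE_LOG).items():
        print(host, " -> ".join(f"{tactic}/{tech}" for tactic, tech in chain))
```

With the default threshold only `ws-17` is reported, because it is the only host where three or more stages were first seen in kill-chain order; `web-02` shows two stages and `ws-23` shows exfiltration before initial access, which the ordering check rejects. Lowering `min_stages` trades precision for earlier warning, and in a real deployment the detection names on the left of the mapping would come from your own EDR or SIEM rule set.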
As this trend of cyber espionage continues to evolve, business owners and organizational leaders must remain vigilant. The heightened activity from state-sponsored groups like RedHotel stresses the urgent need for robust cybersecurity frameworks and proactive incident-response strategies. In a landscape where the boundaries between state interests and private sector vulnerabilities are increasingly blurred, understanding the potential tactics employed by such groups becomes paramount in safeguarding sensitive information and infrastructure.
The scope of RedHotel’s operations illustrates the broader implications of cyber threats that cut across borders, emphasizing the necessity for international cooperation in cybersecurity efforts. For organizations operating in susceptible sectors, awareness and preparedness are essential components in the ongoing battle against sophisticated cyber adversaries.