Friday, June 14, 2024


Dhaka Tribune

Suspected Chinese hackers spied on gov’ts, NGOs, media

Cybersecurity firm says Amnesty International and Taiwan’s ruling party among organisations targeted in campaign

Update: 23 Aug 2022, 04:34 PM

A hacking group suspected of acting on behalf of the Chinese government has carried out a multi-year espionage campaign against numerous governments, NGOs, think-tanks and news agencies, according to a new report.

The group, known as RedAlpha, has specialised in stealing login details from individuals in organisations considered to be of strategic interest to Beijing, according to the report released by cybersecurity firm Recorded Future.

Those targeted for “credential-phishing” since 2019 include the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan, Taiwan’s ruling Democratic Progressive Party (DPP), and India’s National Informatics Centre, according to Recorded Future.

RedAlpha targeted the organisations with emails containing PDFs that, once clicked, would lead to a fake portal page used to collect their login credentials, the Massachusetts-based cybersecurity firm said.

Recorded Future said RedAlpha likely targeted Taiwan-based organisations and human rights groups to gather intelligence on the self-governing democracy and ethnic and religious minority groups, respectively.

Hanna Linderstal, a cybersecurity researcher and founder of Earhart Business Protection Agency, said the group’s modus operandi is common among hackers.

“These actors use several angles of attack, but the easiest way to get information is often via the employee at the keyboard,” Linderstal told Al Jazeera. 

“IT departments are usually well prepared for cyberattacks… and the targeting actor knows this, so the weak link is the user and the organisation’s routines.”

“The most effective hackers today still take advantage of human weakness,” she added. 

“In 1998, I talked about the importance of strong passwords and security routines and in 2022, I still say the same thing.”

RedAlpha was first identified by Canada’s CitizenLab in 2018 and is believed to have started operating around 2015.

The group is believed to have weaponised some 350 domains last year alone, according to Recorded Future, which said its latest activity bore the hallmarks of previous campaigns.

Recorded Future said it had a “high” degree of confidence the group is operating as a proxy for the Chinese state due to links with state-owned enterprises and military tech research institutions, and its choice of targets that are of clear strategic interest to Beijing.

Intelligence experts say outsourcing espionage work to private contractors is a common tactic of Chinese intelligence agencies.

