Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta conducted cyber-espionage campaigns targeting government and diplomatic entities in Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia.
The group employed spear-phishing attacks, utilizing lure documents themed around regional political and cultural events, such as the 2024 Taiwanese presidential candidate Terry Gou and the Vietnamese National Holiday.
RedDelta adapted its infection chain during this period, initially using Windows Shortcut (LNK) files and later transitioning to Microsoft Management Console Snap-In Control (MSC) files to deliver a customized PlugX backdoor.
Notably, the group leveraged Cloudflare’s content distribution network to proxy command-and-control traffic, enhancing its ability to evade detection.
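One way a defender can hunt for the MSC delivery stage described above, as an added example that is not code from the original article: a Python triage routine run over constructed Sysmon-style process-creation events, flagging mmc.exe launched with a console file that lives outside System32 or was opened straight from a mail client or browser. The event fields, trusted directories and sample paths are assumptions made for this example.

```python
import re
from typing import Optional

# Sample process-creation events, constructed for this example (not telemetry
# from the report). Fields mirror what Sysmon Event ID 1 records.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\mmc.exe",
     "cmdline": r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\Downloads\National_Day_Invitation.msc"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\mmc.exe",
     "cmdline": r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc'},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\mmc.exe",
     "cmdline": r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\AppData\Local\Temp\agenda.msc"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt'},
]

# Where built-in consoles normally live (assumed allowlist for this example).
TRUSTED_MSC_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Parents suggesting the console file arrived by mail or download.
MAIL_AND_BROWSER_PARENTS = ("outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe")
# First .msc argument, quoted or bare, on the command line.
MSC_ARG = re.compile(r'"([^"]+?\.msc)"|(\S+\.msc)', re.IGNORECASE)

def extract_msc_path(cmdline: str) -> Optional[str]:
    """Return the .msc path passed to mmc.exe, or None if there is none."""
    m = MSC_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None

def classify_event(event: dict) -> Optional[str]:
    """Return a reason if the event looks like a lure .msc being opened, else None."""
    if not event["image"].lower().endswith("\\mmc.exe"):
        return None
    msc = extract_msc_path(event["cmdline"])
    if msc is None or msc.lower().startswith(TRUSTED_MSC_DIRS):
        return None  # no console file, or a built-in one such as eventvwr.msc
    parent = event["parent"].lower().rsplit("\\", 1)[-1]
    if parent in MAIL_AND_BROWSER_PARENTS:
        return f"mmc.exe opened {msc} directly from {parent}"
    return f"mmc.exe opened console file outside System32: {msc}"

def hunt(events: list) -> list:
    """Return (index, reason) for every event that classify_event flags."""
    return [(i, r) for i, ev in enumerate(events) if (r := classify_event(ev))]

if __name__ == "__main__":
    for idx, reason in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

In production the same check runs over the EDR or Sysmon feed; legitimate administrators who keep custom consoles outside System32 will need their paths added to the allowlist.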
Expert Analysis:
RedDelta’s persistent targeting of Southeast Asian nations underscores China’s strategic interest in the region, aiming to gather intelligence on political developments and diplomatic relations.
The group’s evolving tactics, including the shift to MSC files and the use of legitimate services like Cloudflare for obfuscation, indicate a high level of sophistication and adaptability in its operations.