Chinese state-sponsored group RedDelta conducted cyber-espionage campaigns

Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta conducted cyber-espionage campaigns targeting government and diplomatic entities in Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia.

The group relied on spear-phishing, using lure documents themed around regional political and cultural topics, such as 2024 Taiwanese presidential candidate Terry Gou and the Vietnamese National Holiday.

RedDelta adapted its infection chain over this period: it initially used Windows Shortcut (LNK) files and later moved to Microsoft Management Console Snap-In Control (MSC) files, in both cases delivering a customized PlugX backdoor.
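As an added illustration of what the MSC stage of such a chain looks like in endpoint telemetry (example code written for this summary, not from the report or from any vendor tooling), here are two hunting heuristics run over constructed, Sysmon-style process-creation records. The paths, file names and the heuristics themselves are assumptions; the only fact taken from the summary is that MSC files were used as the delivery vehicle.

```python
import re
from dataclasses import dataclass

# Folders a phishing-delivered file typically lands in (constructed heuristic, not from the report).
USER_WRITABLE = re.compile(
    r"(?i)(\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\|\\temp\\|\\programdata\\)"
)
SCRIPT_HOSTS = ("\\cmd.exe", "\\powershell.exe", "\\wscript.exe", "\\cscript.exe", "\\rundll32.exe")


@dataclass
class ProcEvent:
    image: str         # full path of the started process
    cmdline: str       # its command line
    parent_image: str  # full path of the parent process


def flag_event(ev: ProcEvent) -> list[str]:
    """Return the names of the heuristics this process-creation event trips."""
    img, cmd, parent = ev.image.lower(), ev.cmdline.lower(), ev.parent_image.lower()
    hits = []
    # MMC opening a console file that sits in a user-writable folder; legitimate
    # admin consoles normally live under %SystemRoot%\System32.
    if img.endswith("\\mmc.exe") and ".msc" in cmd and USER_WRITABLE.search(cmd):
        hits.append("mmc_opens_msc_from_user_path")
    # MMC is not expected to spawn shells or script hosts; a console file that
    # carries a loader stage does.
    if parent.endswith("\\mmc.exe") and img.endswith(SCRIPT_HOSTS):
        hits.append("mmc_spawns_script_host")
    return hits


def find_suspicious(events: list[ProcEvent]) -> list[tuple[int, list[str]]]:
    """Index and heuristic names for every event that trips at least one heuristic."""
    return [(i, flag_event(ev)) for i, ev in enumerate(events) if flag_event(ev)]


# Constructed sample telemetry; file names are invented, not indicators from the report.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\mmc.exe",
              r'"C:\Windows\System32\mmc.exe" C:\Windows\System32\eventvwr.msc',
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\mmc.exe",
              r'"C:\Windows\System32\mmc.exe" "C:\Users\alice\Downloads\invitation.msc"',
              r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c start "" C:\Users\alice\AppData\Local\Temp\stage.exe',
              r"C:\Windows\System32\mmc.exe"),
]

if __name__ == "__main__":
    for idx, hits in find_suspicious(SAMPLE_EVENTS):
        print(idx, hits)
```

The first sample event (Event Viewer opened from System32) is left alone; the second and third trip one heuristic each.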

Notably, the group routed command-and-control traffic through Cloudflare's content delivery network, so that beaconing blended in with legitimate CDN traffic and was harder to detect.

Expert Analysis:
RedDelta’s persistent targeting of Southeast Asian nations underscores China’s strategic interest in the region, aiming to gather intelligence on political developments and diplomatic relations.

The group’s evolving tactics, including the shift to MSC files and the use of legitimate services like Cloudflare for obfuscation, indicate a high level of sophistication and adaptability in their operations.
