Posted on: August 9, 2023, 07:41h.
Last updated on: August 9, 2023, 07:41h.
Someone may be prying into your gaming activity when you visit an online casino. A recent study revealed that government bodies, telecommunications companies and even online gambling operators across at least 17 countries have fallen victim to cyberattacks allegedly carried out by hackers associated with China’s Ministry of State Security, a reportedly civilian intelligence agency, from 2021 onward.
The team at Insikt Group, a threat research department within global threat analysis firm Recorded Future, has been analyzing RedHotel, an advanced cyber-espionage organization allegedly backed by China. This group is notorious for orchestrating numerous sophisticated malware attacks and espionage missions targeting various nations in Southeast Asia and Asia.
They have uncovered a network spread across an extensive range of nations, including Afghanistan, Bangladesh, Cambodia, Hong Kong, India, Malaysia, Palestine, the Philippines, Thailand, Taiwan, the US and Vietnam. The hackers primarily aimed their endeavors at significant political entities, but apparently put online gambling platforms on the same level.
A Global Threat No One Sees
Jon Condra, who heads Recorded Future’s Strategic and Persistent Threats team and co-authored the report, highlighted RedHotel’s significant role as an ardent advocate for the Chinese state. Its targeting extends to multiple organizations worldwide and spans diverse industry verticals. Both Microsoft and SecureWorks track the group as well.
Its alleged victims include pro-democracy organizations in Hong Kong, research institutions in Taiwan, religious minorities, and even online gaming enterprises. Condra points out that RedHotel hacked into an unidentified US state government in 2022 and regularly conducts “intelligence gathering in tandem with economic espionage.”
He adds that the group is most likely operating out of the Chinese city of Chengdu and is just one of several the Chinese government supports. All these efforts serve to bolster their military capabilities and reinforce their economic supremacy.
Governments in Southeast Asia face a considerable danger from the group. However, RedHotel is reportedly diverting its attention toward diverse domains such as education, aviation, media, communications, and research and development.
The researchers state that the main objective of the group is to collect intelligence and engage in economic espionage. They further mention that multiple other organizations have investigated the group’s cyberattacks since 2019.
Alongside trying to gain access to the legislative body of the US, the group has previously focused on entities that were conducting scientific research on COVID-19. Condra calls RedHotel “one of the most active [and] prolific Chinese state-sponsored groups that [Recorded Future tracks] and they target organizations globally across a wide range of industry verticals.”
How They Operate
Recorded Future asserts that Chengdu has emerged as a central node for China’s advanced persistent threat (APT) endeavors. The groups allegedly have notable connections with Chinese businessmen and local universities to help advance their cause.
“Based on historical precedent, we expect RedHotel to continue this activity unperturbed, with the group regularly displaying a high operational risk appetite in the face of public industry reporting,” warned Insikt Group.
Chinese hackers commonly employ a range of malware in their attacks, including well-known families that cybersecurity experts have already identified. They also use custom malware that is sometimes more difficult to track.
RedHotel will first try to identify a target that is susceptible to an attack. For years, according to Recorded Future, it was able to use malware that Windows systems thought was a legitimate Microsoft troubleshooting product.
Once it gains access, the malware starts to retrieve data and send it to the group. The software stays on the system, continuously exfiltrating whatever information it can, even “for months or even years after public reporting.”
Reports surfaced this week that suggest that government infrastructures may already be compromised. The New York Times reported that Chinese malware has been found on “critical” military systems. The Washington Post added that China has infiltrated the “highest levels” of the Japanese government.