Red Ladon

Red Ladon, also known as APT40 and TA423, is a threat actor believed to be operating out of Hainan Island, China. This group has been identified by cybersecurity researchers as the entity behind various malicious activities, including those targeting government agencies and industry manufacturers. Between April and mid-June 2022, Red Ladon targeted Australian government agencies and manufacturers involved in the maintenance of wind turbine fleets in the South China Sea region during the ScanBox campaign. The group's activities are assessed with moderate confidence to be attributable to TA423/Red Ladon by Proofpoint, based on multiple reports from sources such as the US Cybersecurity & Infrastructure Security Agency (CISA), Mandiant, and Intrusion Truth. Notably, the group was indicted in 2021 by the US Department of Justice (DoJ) for providing long-term support to the Hainan Province Ministry of State Security (MSS), highlighting the group's potential ties to state-sponsored cyber-espionage activities. Despite the indictment, there has not been a noticeable disruption in the operational tempo of Red Ladon. Analysts collectively expect the group to continue its intelligence-gathering and espionage missions. The persistent activity of this threat actor underscores the ongoing risk posed to entities that could be targeted for strategic information or access, emphasizing the need for robust cybersecurity measures and threat awareness.