Red Ladon

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Red Ladon, also known as APT40 and TA423, is a threat actor believed to be operating out of Hainan Island, China. This group has been identified by cybersecurity researchers as the entity behind various malicious activities, including those targeting government agencies and industry manufacturers. Between April and mid-June 2022, Red Ladon targeted Australian government agencies and manufacturers involved in the maintenance of wind turbine fleets in the South China Sea region during the ScanBox campaign. The group's activities are assessed with moderate confidence to be attributable to TA423/Red Ladon by Proofpoint, based on multiple reports from sources such as the US Cybersecurity & Infrastructure Security Agency (CISA), Mandiant, and Intrusion Truth. Notably, the group was indicted in 2021 by the US Department of Justice (DoJ) for providing long-term support to the Hainan Province Ministry of State Security (MSS), highlighting the group's potential ties to state-sponsored cyber-espionage activities. Despite the indictment, there has not been a noticeable disruption in the operational tempo of Red Ladon. Analysts collectively expect the group to continue its intelligence-gathering and espionage missions. The persistent activity of this threat actor underscores the ongoing risk posed to entities that could be targeted for strategic information or access, emphasizing the need for robust cybersecurity measures and threat awareness.
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
APT40
1
APT40, a Chinese cyber espionage group suspected to be linked to the People's Republic of China (PRC) Ministry of State Security, has been identified as a significant threat actor. The group typically targets countries strategically important to China's Belt and Road Initiative. Over the years, APT4
Ta423
1
TA423, also known as Red Ladon, is a threat actor believed to be operating out of Hainan Island, China. This entity, identified by cybersecurity researchers, is suspected of conducting cyber espionage activities with malicious intent. Recent findings suggest that TA423 has been involved in a waterin
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
China
Apt
Espionage
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Red Ladon Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
10 months ago
My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
Threat Post
a year ago
Watering Hole Attacks Push ScanBox Keylogger