Red Phoenix

Malware updated 9 months ago (2024-11-29T14:48:05.585Z)

Download STIX

Preview STIX

Red Phoenix, also known as Budworm, APT27, Emissary Panda, Bronze Union, Lucky Mouse, and Iron Tiger, is a notorious malware that has been active since at least 2013. It is associated with a Chinese advanced persistent threat (APT) operation, targeting various industry verticals for intelligence gathering purposes. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can disrupt operations, steal personal information, or even hold data hostage for ransom. On September 30, 2023, new attacks were reported by The Hacker News and SC Magazine. These attacks involved an updated version of the SysUpdate toolkit deployed by the Red Phoenix operation. The victims of these sophisticated cyber-attacks were an Asian government and a Middle East-based telecommunications provider. These attacks demonstrate the continued evolution and persistence of this threat actor in its cyber espionage activities. The use of the updated SysUpdate toolkit indicates a significant development in the capabilities of the Red Phoenix operation. This new wave of attacks underscores the ongoing threat posed by state-sponsored cybercrime and the need for robust cybersecurity measures across all sectors. Given Red Phoenix's history and the scale of its operations, organizations worldwide must remain vigilant and proactive in their defense against such advanced persistent threats.

Description last updated: 2023-10-11T02:55:59.323Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lucky Mouse is a possible alias for Red Phoenix. Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals fo	2
BRONZE UNION is a possible alias for Red Phoenix. Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Red Phoenix Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	a month ago	SharePoint ‘ToolShell’ Vulnerabilities Exploited by Chinese Hackers
CERT-EU	2 years ago	China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
CERT-EU	2 years ago	DDoS attack hits Russian flight booking system claimed by Ukrainian hackers
CERT-EU	2 years ago	Asian government, telco targeted by Chinese APT