Red Phoenix

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
Red Phoenix, also known as Budworm, APT27, Emissary Panda, Bronze Union, Lucky Mouse, and Iron Tiger, is a notorious malware that has been active since at least 2013. It is associated with a Chinese advanced persistent threat (APT) operation, targeting various industry verticals for intelligence gathering purposes. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can disrupt operations, steal personal information, or even hold data hostage for ransom. On September 30, 2023, new attacks were reported by The Hacker News and SC Magazine. These attacks involved an updated version of the SysUpdate toolkit deployed by the Red Phoenix operation. The victims of these sophisticated cyber-attacks were an Asian government and a Middle East-based telecommunications provider. These attacks demonstrate the continued evolution and persistence of this threat actor in its cyber espionage activities. The use of the updated SysUpdate toolkit indicates a significant development in the capabilities of the Red Phoenix operation. This new wave of attacks underscores the ongoing threat posed by state-sponsored cybercrime and the need for robust cybersecurity measures across all sectors. Given Red Phoenix's history and the scale of its operations, organizations worldwide must remain vigilant and proactive in their defense against such advanced persistent threats.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Emissary Panda
1
Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa
Budworm
1
Budworm, also known as LuckyMouse or APT 27, is a threat actor that has been associated with various high-profile cyber attacks. This group has been found to utilize tools such as the Korplug backdoor, which is commonly used by multiple Advanced Persistent Threats (APTs) including Budworm and APT41,
APT27
1
APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario
BRONZE UNION
1
Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific
SysUpdate
1
SysUpdate is a malicious software variant that has been exclusively used by Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix. In December 2020, a sample of the SysUpdate malware variant was found, with its payload being a new version of SysUpdate.
Lucky Mouse
1
Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals fo
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Red Phoenix Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
10 months ago
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
CERT-EU
10 months ago
DDoS attack hits Russian flight booking system claimed by Ukrainian hackers
CERT-EU
10 months ago
Asian government, telco targeted by Chinese APT