Redalpha

Threat Actor Profile Updated 14 days ago
Download STIX
Preview STIX
RedAlpha, also known as DeepCliff, is an advanced persistent threat (APT) group that has been linked to Chinese state-sponsored cyber espionage activities. The group is known for its spyware campaigns against Tibetan minorities and has been identified in association with other threat groups such as RedHotel, Poison Carp, and a private contractor named iSoon. Analysis of leaked data from iSoon by researchers at Recorded Future revealed connections between these entities, indicating a complex network of operations involved in malicious activities like the theft of telecommunications data for tracking individuals. The connection between RedAlpha and iSoon became particularly evident through a credential phishing infrastructure used by both entities. Additional ties were discovered between iSoon and a persona named Liang Guodong, previously linked to RedAlpha, who was found to be registering credential phishing domains. This overlap in malware and tactics suggests a cooperative relationship between these threat actors, enhancing their collective capabilities and reach. Following the public exposure of the iSoon leak, significant changes have been observed in the infrastructure developed by RedAlpha and RedHotel, according to reports from Information Security Media Group. Notably, the Insikt Group has identified new domain and infrastructure developments from both RedAlpha and RedHotel since the leak. This highlights the adaptability of these groups in response to increased scrutiny and the ongoing threat they pose to cybersecurity.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Redhotel
2
RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun
Deepcliff
1
None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Chinese
Spyware
Malware
ISOON
Phishing
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
I-SoonUnspecified
1
i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi
Poison CarpUnspecified
1
Poison Carp, also known as Insomnia, is a threat actor that has been associated with various malicious cyber activities. These activities have particularly targeted Tibetan minorities, highlighting the group's focus on specific sociopolitical issues. This threat actor is part of a larger network of
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Redalpha Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Recorded Future
14 days ago
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
BankInfoSecurity
4 months ago
iSoon Leak Shows Links to Chinese APT Groups
Recorded Future
4 months ago
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups