Redalpha

Threat Actor updated 3 months ago (2024-07-09T14:17:39.637Z)

Download STIX

Preview STIX

RedAlpha, also known as DeepCliff, is an advanced persistent threat (APT) group that has been linked to Chinese state-sponsored cyber espionage activities. The group is known for its spyware campaigns against Tibetan minorities and has been identified in association with other threat groups such as RedHotel, Poison Carp, and a private contractor named iSoon. Analysis of leaked data from iSoon by researchers at Recorded Future revealed connections between these entities, indicating a complex network of operations involved in malicious activities like the theft of telecommunications data for tracking individuals. The connection between RedAlpha and iSoon became particularly evident through a credential phishing infrastructure used by both entities. Additional ties were discovered between iSoon and a persona named Liang Guodong, previously linked to RedAlpha, who was found to be registering credential phishing domains. This overlap in malware and tactics suggests a cooperative relationship between these threat actors, enhancing their collective capabilities and reach. Following the public exposure of the iSoon leak, significant changes have been observed in the infrastructure developed by RedAlpha and RedHotel, according to reports from Information Security Media Group. Notably, the Insikt Group has identified new domain and infrastructure developments from both RedAlpha and RedHotel since the leak. This highlights the adaptability of these groups in response to increased scrutiny and the ongoing threat they pose to cybersecurity.

Description last updated: 2024-07-09T13:19:00.925Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Redhotel is a possible alias for Redalpha. RedHotel is a prolific threat actor group, known for its espionage activities targeting organizations of interest to the Chinese government. The group has been active since at least 2019 and operates alongside other threat groups such as RedAlpha and Poison Carp. Researchers at Recorded Future have	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Redalpha Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Recorded Future	3 months ago	Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
BankInfoSecurity	7 months ago	iSoon Leak Shows Links to Chinese APT Groups
Recorded Future	7 months ago	Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups