Redfly

Threat Actor updated 23 days ago (2024-11-29T13:47:27.591Z)

Download STIX

Preview STIX

RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significant risk due to their capacity to infiltrate complex systems, potentially causing severe damage and disruption. The group recently executed a noteworthy attack on an Asian national grid, demonstrating the sophistication of their methods. This infiltration was not a brief operation; instead, it was a long-term breach that lasted approximately six months. The duration of this attack underscores RedFly's ability to maintain a persistent presence within compromised systems, which can lead to extensive data theft or operational disruption. This incident is a stark reminder of the ongoing threats posed by such threat actors in the cybersecurity landscape. It emphasizes the need for robust security measures and constant vigilance to detect and counteract such sophisticated attacks. With threat actors like RedFly continuously evolving their tactics, it is crucial for organizations, particularly those managing critical infrastructure like national grids, to regularly review and update their security protocols.

Description last updated: 2024-03-17T13:22:31.194Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Blackfly is a possible alias for Redfly. Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Trojan

Apt

Espionage

Symantec

Windows

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The ShadowPad Malware is associated with Redfly. ShadowPad is a sophisticated malware, known for its use in supply chain attacks, particularly against government entities in South Asia. This modular backdoor, which has been active for approximately seven years, is popular among Chinese threat actors. It was notably used as the payload in an attack	Unspecified	5

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The threatActor Greyfly is associated with Redfly.	Unspecified	2
The APT41 Threat Actor is associated with Redfly. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi	Unspecified	2

Source Document References

Information about the Redfly Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	4 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	5 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	6 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs	10 months ago	Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs	10 months ago	Security Affairs newsletter Round 460 by Pierluigi Paganini