Redfoxtrot

RedFoxtrot is a potent malware identified as being associated with harmful cyber activities. This malicious software, designed to infiltrate and damage computer systems, can be introduced via suspicious downloads, emails, or websites. Once inside a system, RedFoxtrot has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom. Notably, backdoor modifications consistent with the activity of the RedFoxtrot group have been discovered in various instances. In-depth investigations by Recorded Future researchers have uncovered significant links between RedFoxtrot and other notable cyber threats. For instance, PcShare samples found within the network infrastructure of the RedFoxtrot group showed substantial similarities with the RtlShare family. Furthermore, during an investigation into Space Pirates, a large number of intersections were found with previously identified activity. These activities were associated with several groups including Winnti (APT41), Bronze Union (APT27), TA428, RedFoxtrot, Mustang Panda, and Night Dragon, demonstrating the extensive reach and potential collaboration among these threat actors. Quickheal, a backdoor associated with the Needleminer group, has also been linked to RedFoxtrot, further known as Nomad Panda. This connection underscores RedFoxtrot's expansive network and its affiliations with other malicious groups. It is crucial to note that RedFoxtrot's operations have been tied to China's PLA Unit 69010 due to poor operational security (opsec), indicating possible state sponsorship behind this malware.