Redjuliett

Threat Actor updated a month ago (2024-11-29T13:43:46.911Z)
Download STIX
Preview STIX
RedJuliett, also known as Flax Typhoon and Ethereal Panda, is a China-linked Advanced Persistent Threat (APT) group that has been reported to control a botnet for malicious activities. This state-sponsored group has been persistently launching espionage attacks on numerous organizations since 2023. According to Insikt Group, the threat research arm of Recorded Future, RedJuliett has targeted approximately 75 organizations in government, academic, and technology sectors across multiple countries. The group has been using the open-source VPN client SoftEther to target these infrastructures, demonstrating their ability to leverage existing technologies for their operations. In Taiwan, RedJuliett has launched significant cyber-attacks against various entities. As of June 24, the group had attacked 24 different government agencies, educational institutions, and technology firms, according to an analysis by Recorded Future. Between November 2023 and April 2024, the group compromised 24 organizations in Taiwan, including an optoelectronics company, a facial recognition company, a waste and pollution treatment company, a publishing house, three universities, and four software companies. These activities indicate a broad range of interests and targets for RedJuliett's operations. Insikt Group anticipates that RedJuliett, along with other Chinese state-sponsored threat actors, will continue targeting Taiwan for intelligence gathering. Their focus areas are expected to include universities, government organizations, think tanks, and technology companies. These activities align with Beijing's objectives to gather intelligence on Taiwan’s economic policy, trade, and diplomatic relations. Monitoring Malicious Traffic Analysis (MTA) can help detect and alert infrastructure communicating with known RedJuliett command-and-control (C2) IP addresses, thus providing a proactive defense measure against this persistent threat.
Description last updated: 2024-11-08T00:02:48.984Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Flax Typhoon is a possible alias for Redjuliett. Flax Typhoon is a threat actor reportedly linked to China that has been actively targeting Taiwan, as well as other regions globally. This group, also known by aliases such as RedJuliett and Ethereal Panda, has been implicated in cyberespionage activities against critical infrastructure entities, go
4
Ethereal Panda is a possible alias for Redjuliett. Ethereal Panda, also known as Flax Typhoon or RedJuliett, is a threat actor believed to be linked to the Chinese government. This group has been involved in various cyber espionage activities targeting organizations primarily in Taiwan. Reports from cybersecurity firms such as Microsoft and CrowdStr
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Vpn
Exploit
Taiwan
Chinese
Source
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Redjuliett Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more