Redjuliett

Threat Actor updated 16 days ago (2024-11-08T12:45:08.504Z)
RedJuliett, also known as Flax Typhoon and Ethereal Panda, is a China-linked Advanced Persistent Threat (APT) group that has been reported to control a botnet for malicious activities. This state-sponsored group has been persistently launching espionage attacks on numerous organizations since 2023. According to Insikt Group, the threat research arm of Recorded Future, RedJuliett has targeted approximately 75 organizations in government, academic, and technology sectors across multiple countries. The group has been using the open-source VPN client SoftEther to target these infrastructures, demonstrating its ability to leverage existing technologies for its operations.

In Taiwan, RedJuliett has launched significant cyber-attacks against various entities. As of June 24, the group had attacked 24 different government agencies, educational institutions, and technology firms, according to an analysis by Recorded Future. Between November 2023 and April 2024, the group compromised 24 organizations in Taiwan, including an optoelectronics company, a facial recognition company, a waste and pollution treatment company, a publishing house, three universities, and four software companies. These activities indicate a broad range of interests and targets for RedJuliett's operations.

Insikt Group anticipates that RedJuliett, along with other Chinese state-sponsored threat actors, will continue targeting Taiwan for intelligence gathering. Their focus areas are expected to include universities, government organizations, think tanks, and technology companies. These activities align with Beijing's objectives to gather intelligence on Taiwan's economic policy, trade, and diplomatic relations.

Malicious Traffic Analysis (MTA) monitoring can help detect and alert on infrastructure communicating with known RedJuliett command-and-control (C2) IP addresses, providing a proactive defense measure against this persistent threat.
Description last updated: 2024-11-08T00:02:48.984Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Flax Typhoon is a possible alias for Redjuliett. Flax Typhoon is a threat actor reportedly linked to China that has been actively targeting Taiwan, as well as other regions globally. This group, also known by aliases such as RedJuliett and Ethereal Panda, has been implicated in cyberespionage activities against critical infrastructure entities, go | 4
Ethereal Panda is a possible alias for Redjuliett. Ethereal Panda, also known as Flax Typhoon or RedJuliett, is a threat actor believed to be linked to the Chinese government. This group has been involved in various cyber espionage activities targeting organizations primarily in Taiwan. Reports from cybersecurity firms such as Microsoft and CrowdStr | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Vpn
Exploit
Taiwan
Chinese
Source
Source Document References
Information about the Redjuliett Threat Actor was read from the documents corpus below. This display is limited to 20 results.