Redjuliett

Threat Actor Profile Updated 14 days ago
RedJuliett, a Chinese state-sponsored threat actor, has been actively targeting the infrastructure of approximately 75 organizations across the government, academic, and technology sectors in multiple countries. The group is particularly focused on Taiwan, where it has launched attacks against 24 different entities, including government agencies, educational institutions, and technology firms, as reported by threat-intelligence firm Recorded Future on June 24.

RedJuliett's modus operandi is to seek out vulnerabilities in network edge devices such as firewalls, VPNs, and load balancers and exploit those weaknesses to gain initial access. Once inside the network, RedJuliett uses open-source tools such as devilzShell and AntSword for post-exploitation activity. The group has also exploited a known Linux vulnerability, CVE-2016-5195, to gain privileged access. In addition to exploiting vulnerabilities in internet-facing devices, RedJuliett has attempted SQL injection and directory traversal exploits against web and SQL applications.

The group's activities align with China's objective of gathering intelligence on Taiwan's economic policy, trade, and diplomatic relations. It has also targeted critical technology firms and is likely to continue doing so. RedJuliett operates its infrastructure using SoftEther VPN, leveraging both its own leased servers and compromised infrastructure belonging to Taiwanese universities.

The threat actor's activities extend beyond Taiwan: the Insikt Group has observed RedJuliett expanding its operations to compromise organizations in several other countries, including Hong Kong, Malaysia, Laos, South Korea, the United States, Djibouti, Kenya, and Rwanda. The group closely overlaps with public reporting under the aliases Flax Typhoon and Ethereal Panda, indicating a broad and persistent threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Flax Typhoon (2 votes): Flax Typhoon, also known as RedJuliett and Ethereal Panda in different cybersecurity circles, is a threat actor linked to China that has been actively targeting Taiwan. The group's activities have been closely monitored by several cybersecurity firms, including Microsoft and CrowdStrike. The use of
Ethereal Panda (2 votes): Ethereal Panda, also known as Flax Typhoon, is a threat actor believed to be based in China. The activities of this group strongly overlap with those reported under the aliases Flax Typhoon by Microsoft and Ethereal Panda by CrowdStrike. This correlation suggests that Ethereal Panda operates as a na
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Vpn
Taiwan
Exploit
Source
Chinese
State Sponso...
Virtual Priv...
Vulnerability
Taiwanese
Linux
Exploits
Traversal
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
CVE-2016-5195 (type: Unspecified; 1 vote; no profile description)
Source Document References
Information about the Redjuliett Threat Actor was read from the documents corpus below. This display is limited to 20 results.
BankInfoSecurity, 12 days ago: Australia Flags Persistent Chinese Cyberespionage Hacking
Recorded Future, 14 days ago: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future
DARKReading, a month ago: China-Linked Espionage Groups Target Asian Telecoms
BankInfoSecurity, a month ago: Chinese Hackers Caught Spying on Taiwanese Firms
InfoSecurity-magazine, a month ago: China-Based RedJuliett Targets Taiwan in Cyber Espionage Campaign
Recorded Future, a month ago: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation | Recorded Future