TAG-22

Threat Actor Profile Updated 3 months ago
Threat Activity Group 22 (TAG-22), also known as RedHotel, is a suspected Chinese state-sponsored threat actor that has been identified by Recorded Future. This group has been actively targeting various sectors including telecommunications, academia, research and development, and government organizations across several countries including Nepal, the Philippines, Taiwan, and historically, Hong Kong. TAG-22 is recognized for its persistence, prominence, operational intensity, and global reach, posing a significant cybersecurity threat.

Insikt Group has been closely tracking the activities of TAG-22 and has noted some historical overlap with other threat groups such as APT41 and Barium. These groups have been previously clustered by FireEye and Microsoft respectively. The overlapping activities suggest possible collaborations or shared tactics, techniques, and procedures (TTPs) among these threat actors, which further complicates the cybersecurity landscape.

TAG-22's activities underscore the evolving and complex nature of state-sponsored cyber threats. Their ability to persistently target and infiltrate high-value sectors around the globe highlights the necessity for robust cybersecurity measures and international cooperation. Organizations in the targeted sectors need to be particularly vigilant and proactive in their defense strategies to mitigate the risk posed by this and similar threat actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Redhotel | 1 | RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
State Sponso...
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4
Barium | Unspecified | 1 | Barium, also known as BRONZE ATLAS and part of the APT41 collective, is a China-linked cyberespionage group that has been active since at least 2007. It is associated with several other subgroups, including Wicked Panda, Winnti, Suckfly, and Blackfly. This threat actor has been responsible for vario
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the TAG-22 Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | RedHotel Chinese APT Hackers Attack Government Entities & Intelligence Organizations
MITRE | a year ago | Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan