Threat Activity Group 22 (TAG-22), also known as RedHotel, is a suspected Chinese state-sponsored threat actor identified by Recorded Future. The group has been actively targeting sectors including telecommunications, academia, research and development, and government organizations in several countries, including Nepal, the Philippines, Taiwan, and, historically, Hong Kong. TAG-22 is recognized for its persistence, prominence, operational intensity, and global reach, posing a significant cybersecurity threat.
Insikt Group has been closely tracking TAG-22's activity and has noted some historical overlap with other threat groups such as APT41 and Barium, which were previously clustered by FireEye and Microsoft, respectively. The overlap suggests possible collaboration or shared tactics, techniques, and procedures (TTPs) among these threat actors, which further complicates the cybersecurity landscape.
TAG-22's activities underscore the evolving and complex nature of state-sponsored cyber threats. Their ability to persistently target and infiltrate high-value sectors around the globe highlights the necessity for robust cybersecurity measures and international cooperation. Organizations in the targeted sectors need to be particularly vigilant and proactive in their defense strategies to mitigate the risk posed by this and similar threat actors.
Description last updated: 2023-11-29T06:37:48.901Z