Red Nue

Also known as: LuoYu · Red Nue

Origin: CN
Known aliases: 2

Profile

Red Nue, active since at least 2017, is known for its use of the multi-platform LootRAT backdoor, also known as ReverseWindow. LootRAT has variants for Windows and Macintosh (reported in open source as Demsty), as well as an Android variant known as SpyDealer. Red Nue has also used another Windows backdoor known as WinDealer since at least 2019, when it deployed it to targets as part of a watering hole campaign on a Chinese news website for the Chinese diaspora community. Parts of Asia feature heavily in Red Nue's victimology.

Aliases · 2

LuoYu · Red Nue

References

  1. https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
  2. https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_301_shui-leon_en.pdf
  3. https://blogs.jpcert.or.jp/en/2021/10/windealer.html
  4. https://securelist.com/windealer-dealing-on-the-side/105946
  5. https://blogs.blackberry.com/en/2022/06/threat-thursday-china-based-apt-plays-auto-updater-card-to-deliver-windealer-malware
  6. https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Red Menshen
Actor: Red Dev 17
Actor: RedDelta
Actor: RedGolf
Actor: RedJuliett
Actor: APT9

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.