China (CN)

RedGolf

Also known as: RedGolf

Origin: CN
Known aliases: 1
Target sectors: 7
Attribution: State-sponsored

Profile

Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KEYPLUG. We attribute this activity to a threat activity group tracked as RedGolf, which is highly likely to be a Chinese state-sponsored group. RedGolf closely overlaps with threat activity reported in open sources under the aliases APT41/BARIUM and has likely carried out state-sponsored espionage activity in parallel with financially motivated operations for personal gain from at least 2014 onward.

Aliases (1)

RedGolf

Target sectors (7)

Aviation, Automotive, Education, Intergovernmental, Media and Entertainment, Information Technology, Religious Organizations

Incident types

Financial Theft, Espionage

References

  1. https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf
  2. https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: RedDelta
Actor: Red Menshen
Actor: RedAlpha
Actor: Red Dev 17
Actor: APT31
Actor: APT41

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.