Operation Red SignatureOperation Red Signature

Also known as: Operation Red Signature

Known aliases
1

Profile

The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organisations.

Aliases· 1

Operation Red Signature

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
RedStinger
Software
R980
Actor
APT.3102
Software
RedAlert
Actor
Red Charon
Actor
APT9
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.