A hacking group allegedly backed by the Chinese government has been attacking governments, NGOs, news publications and think tanks globally -- including India's National Informatics Centre (NIC) -- sending them emails which, once opened, were used to steal their login credentials.
The group known as 'RedAlpha' has consistently spoofed login pages for NIC, which manages wider IT infrastructure and services for the Indian government. The hacking group weaponised some least 350 domains last year alone.
The China-sponsored hacking group spoofed organisations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan (AIT), and other global government, think tank, and humanitarian organisations that "fall within the strategic interests of the Chinese government".
According to a report by cybersecurity firm Recorded Future, the group has also engaged in direct targeting of ethnic and religious minorities, including individuals and organisations within Tibetan and Uyghur communities.
"In recent years RedAlpha has also displayed a particular interest in spoofing political, government, and think tank organisations in Taiwan, likely in an effort to gather political intelligence," said the report.
The China-based hacking group targeted individuals via emails containing abasic PDF files with links to the phishing sites, typically stating that a user needs to click the link to preview or download files.
Over the past three years, RedAlpha continued to conduct credential-phishing activity using large clusters of operational infrastructure to support campaigns.
"In late 2019 and early 2020, the group likely shifted away from older infrastructure TTPs exhibited in public reporting, such as the registration of domains through GoDaddy and hosting on Choopa (Vultr) and Forewin Telecom infrastructure," the report revealed.
The researchers observed RedAlpha consistently register domains spoofing Taiwanese or Taiwan-based government, think tank, and political organisations.
"Notably, this included the registration of multiple domains imitating the American Institute in Taiwan (AIT), the de facto embassy of the United States of America in Taiwan, during a time of increasing US-China tension regarding Taiwan over the past year," they said.
RedAlpha's activity has expanded over the past several years to include credential-phishing campaigns spoofing ministries of foreign affairs in multiple countries.
A Chinese government spokesperson told the MIT Technology Review that the country opposes all cyberattacks and would "never encourage, support, or connive" to carry out such activity.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve hit your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Quarterly Starter
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Access to Exclusive Premium Stories Online
Over 30 behind the paywall stories daily, handpicked by our editors for subscribers


Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share


Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor


Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements


Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app