Multi-year Cyber Espionage Campaign Linked to Chinese Military Unit Targeted Organizations in Seven Countries

Cybersecurity experts have uncovered evidence linking several sprawling, multi-year cyber-espionage campaigns to a Chinese military unit operating out of the city of Ürümqi in China’s western province of Xinjiang.

According to a report released today by Recorded Future’s Insikt Group, the People’s Liberation Army (PLA) Unit 69010 is believed to have been behind a series of cyber-espionage campaigns dating back to 2014 that have focused on gathering military intelligence from neighboring countries.


The attacks, which the Insikt Group has tracked under the RedFoxtrot threat actor codename, have targeted aerospace, defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan.


“Notable RedFoxtrot victims over the past 6 months include multiple Indian aerospace and defense contractors; telecommunications companies in Afghanistan, India, Kazakhstan, and Pakistan; and several national and state institutions in the region,” analysts said today.


“Activity over this [past six-month] period showed a particular focus on Indian targets, which occurred at a time of heightened border tensions between India and the People’s Republic of China (PRC).”




Per the research team, the RedFoxtrot group used an assortment of malware families in its attacks (IceFog, ShadowPad, Royal Road, PCShare, PlugX, and