RedAlpha

Actor Type: Nation State
Attributed to Nation: China
Associated Threat Actor: i-SOON

RedAlpha is an advanced persistent threat (APT) group tracked by analysts at Recorded Future. The group is thought to have been active since at least 2015 and to be linked to the Chinese state.

RedAlpha specializes in mass credential-harvesting, which they accomplish via convincing phishing emails with attached PDFs that lead to purported login pages. Researchers at Recorded Future observed the group conducting a massive phishing campaign that targets global humanitarian, think tank, and government organizations.

The group has been particularly interested in organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), and the American Institute in Taiwan (AIT). They have also targeted ethnic and religious minorities, including individuals and organizations within Tibetan and Uyghur communities.

Analysts assess that the intelligence collected by RedAlpha may be used to support human rights abuses orchestrated by the Chinese Communist Party (CCP). The group's consistent targeting aligns with the strategic interests of the CCP.
