TAG-22
Actor Type | Commercial Provider |
---|---|
Attributed to Nation | China |
Directly Linked Intrusion Sets | RedHotel, Earth Lusca |
TAG-22 is an intrusion set tracked by Recorded Future and later designated RedHotel. The group shows overlaps with the 'Winnti Group' and is identified as likely linked to Chinese Ministry of State Security (MSS) contractors.
The group is reported to use Winnti and ShadowPad malware, as well as Cobalt Strike and Acunetix.
TAG-22 Threat Reports
Report
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
This report from Recorded Future's Insikt Group outlines activity by the RedHotel intrusion set. RedHotel is identified as a prominent Chinese ...
References
go.recordedfuture.com
https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf
www.recordedfuture.com
https://www.recordedfuture.com/blog/chinese-group-tag-22-targets-nepal-philippines-taiwan
www.trendmicro.com
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.