TAG-22

Actor Type Commercial Provider
Attributed to Nation China
Directly Linked Intrusion Sets RedHotel , Earth Lusca

TAG-22 is an intrusion set tracked by Recorded Future and later designated as Red Hotel. The group shows overlaps with the 'Winnti Group' and is identified as being likely linked to Chinese Ministry of State Security (MSS) contractors.

The group is reported as using Winnti and ShadowPad malware as well as Cobalt Strike and Acunetix.

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

TAG-22 Threat Reports

Report

RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale

This report from Recorded Future's Insikt Group outlines activity by the Red Hotel intrusion set. RedHotel is identified as a prominent Chinese ...

References

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.