‘RedAlpha’, a Chinese cyberspy group, was seen targeting organisations
The advanced persistent threat (APT) actor has been actively targeting several entities since 2015. Afterwards, in 2018, RedAlpha recorded innumerable domains breaching governmental and humanitarian organizations, including Amnesty International, the American Institute in Taiwan (AIT) and others.
The Chinese state-sponsored cyberspy group RedAlpha has been observed targeting numerous government organizations, humanitarian entities and think tanks. Initially, RedAlpha was observed targeting entities of interest to the Chinese Communist Party (CCP); entities in Taiwan were also targeted for intelligence collection.
RedAlpha is known for its use of weaponized websites that copy well-known email service providers or organizations for its theft campaigns. The group has registered hundreds of domains hijacking email and storage service providers such as Yahoo (135 domains), Google (91), and others. The domains of the ministries of foreign affairs in several countries were also hijacked. This collective has been identified as likely to be operated by China-based operators.