
RedAlpha: Experts Observe Cyberespionage by Hackers Linked to China

Experts associate RedAlpha with the Chinese government because the espionage target falls in line with the strategic interests of the Chinese Communist Party (CCP).

Published August 18, 2022

Analysts and experts have observed cyberespionage against military and intelligence agencies by RedAlpha, a hacker group that is likely sponsored by the Chinese state. According to the report, the group has been working for about three years to break into the systems of think tanks and humanitarian organizations that may be of interest to the Chinese government.

The group targets various government organizations, including the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), and the American Institute in Taiwan (AIT), among others.

According to the report, data sources for the analysis included Recorded Future® Platform, SecurityTrails, PolySwarm, DomainTools Iris, urlscan, and standard open-source tools and techniques.

RedAlpha behind the cyberespionage

The hackers are known as ‘RedAlpha’, a group the researchers associate with the Chinese government because its espionage targets fall in line with the strategic interests of the Chinese Communist Party (CCP). The researchers also found a link between RedAlpha and a Chinese information security company. The stolen information is suspected of being useful to private companies in the People’s Republic of China (PRC) as well as to Chinese intelligence agencies.

Stolen sensitive information

Emails, online communications and other critical information are suspected to have been stolen in this state-sponsored cyberespionage. RedAlpha has also been registering spoofed domains that imitate humanitarian organizations and think tanks, including MERICS, FIDH, Amnesty International and RFA, among others. The group sent PDF files containing phishing links that recipients had to click in order to view the supposed document.

Extensive spoofing

The group’s activities against Taiwan over the past three years have raised suspicion about the aims of this cyberespionage by a small hacking group. RedAlpha has also been reported to have spoofed ministries of foreign affairs in several countries: it created phishing pages that looked like webmail login portals for Taiwan’s and Portugal’s Ministries of Foreign Affairs (MOFAs), registered domains spoofing Brazil’s and Vietnam’s MOFAs, and built spoofed login pages for India’s National Informatics Centre (NIC).

Hackers registered over 350 domains in 2021

The growing list of targets of this cyberespionage has also resulted in the loss of critical information from the AIT, the de facto embassy of the United States of America in Taiwan. The group reportedly stole the information by creating fake login pages for email providers such as Outlook. It also spoofed email software such as Zimbra and registered over 350 domains in 2021. Other targets of this cyberespionage included Google, Yahoo, the American Chamber of Commerce and Purdue University.

Researchers ask users to secure networks

In the report, the researchers urged users to take precautions: use strong passwords, monitor their domains for abuse such as typosquatting and spoofing, spread awareness and train staff in cybersecurity, protect the email accounts of high-profile individuals with Gmail’s Advanced Protection Program, and configure intrusion detection systems (IDS) to detect external connections from unknown IP addresses.
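One way to act on the domain-monitoring advice above, as an added example that is not from the report or this article: a small Python scanner that flags candidate domain names (for instance from a newly-registered-domain feed) that embed a watched organisation’s name or sit within a small edit distance of it. The watchlist, the set of legitimate domains and the sample feed are constructed for the example.

```python
import re

# Constructed watchlist: brand keywords standing in for the organisations the
# report names (assumption: a real deployment loads the org's own list).
WATCHLIST = {"merics", "amnesty", "fidh", "rfa", "mofa"}
LEGITIMATE = {"merics.org", "amnesty.org", "fidh.org", "rfa.org"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, watchlist=WATCHLIST, legit=LEGITIMATE) -> tuple[str, str]:
    """Return (verdict, matched_brand) for one candidate domain name."""
    d = domain.lower().rstrip(".")
    if d in legit or any(d.endswith("." + base) for base in legit):
        return ("legitimate", d)
    labels = d.split(".")[:-1]  # drop the TLD (assumption: single-label suffix)
    tokens = [(lab, set(re.split(r"[^a-z]+", lab)) - {""}) for lab in labels]
    for label, toks in tokens:
        for brand in watchlist:
            # brand as a whole label/token ("mail-rfa-login") or, if long enough
            # to be unambiguous, embedded anywhere ("amnestyinternational-mail")
            if brand in toks or (len(brand) >= 5 and brand in label):
                return ("keyword-spoof", brand)
    for _, toks in tokens:
        for tok in toks:
            for brand in watchlist:
                budget = 1 if len(brand) <= 5 else 2  # heuristic typo allowance
                if 0 < levenshtein(tok, brand) <= budget:
                    return ("typosquat", brand)
    return ("clean", "")

def scan(domains: list[str]) -> list[tuple[str, str, str]]:
    hits = []  # every candidate that is neither legitimate nor clean
    for dom in domains:
        verdict, brand = classify(dom)
        if verdict not in ("legitimate", "clean"):
            hits.append((dom, verdict, brand))
    return hits

# Constructed sample feed, e.g. from a newly-registered-domain or passive-DNS source.
SAMPLE_FEED = ["mail.amnesty.org", "amnesity-login.com", "merics.webmail-portal.net",
               "mail-rfa-account.org", "interface-support.com", "mofa-tw-login.info", "example.com"]
```

Short brand keywords are only matched as whole tokens so that, for example, "rfa" inside "interface" does not trigger an alert; hits from `scan` would feed a takedown or blocklist workflow.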

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.
