Government, aerospace, education, telecommunications, media, and research organizations across 17 countries, including the U.S., Taiwan, and India, have been subjected to attacks by the Chinese state-sponsored hacking operation RedHotel, also known as Charcoal Typhoon and BRONZE UNIVERSITY, since 2021, reports The Record, a news site by cybersecurity firm Recorded Future.
RedHotel, which has previously compromised a U.S. state legislature and COVID-19 research entities, has been leveraging ShadowPad and Winnti malware in its intrusions, which are being used to facilitate initial access prior to long-term system persistence, according to a report from Recorded Future's Insikt Group.
Over 100 IP addresses and attack tools spoofing the Microsoft Windows Compatibility Troubleshooter service have also been associated with RedHotel, which has been dubbed by PwC as the most prolific Chinese state-backed hacking group last year.
"Since at least 2019, RedHotel has exemplified this relentless scope and scale of wider PRC state-sponsored cyberespionage activity through maintaining a high operational tempo and targeting public and private sector organizations globally," said researchers.