Chinese hackers behind large-scale longstanding credential theft operation

Government, humanitarian, and think tank organizations around the world have been targeted in a years-long mass credential theft campaign by Chinese state-sponsored threat group RedAlpha, The Hacker News reports. Recorded Future researchers disclosed that RedAlpha, which was initially reported by Citizen Lab in 2018, has moved to weaponize up to 350 domains impersonating Amnesty International, the International Federation for Human Rights, Radio Free Asia, the American Institute in Taiwan, the Mercator Institute for China Studies, and other organizations. Microsoft, Google, Yahoo, and other email and storage service providers have also been spoofed by RedAlpha in an effort to steal organizations' credentials. The report also showed that the foreign affairs ministries of Taiwan, Brazil, Vietnam, and Portugal, as well as India's National Informatics Centre, have been targeted by RedAlpha, which was associated with Chinese infosecurity firm Jiangsu Cimer Information Security Technology Co. Ltd. "[The targeting of think tanks, civil society organizations, and Taiwanese government and political entities], coupled with the identification of likely China-based operators, indicates a likely Chinese state-nexus to RedAlpha activity," said researchers.