Published: August 9, 2023, 07:41h.
Last updated: August 9, 2023, 07:41h.
Discover how your online gaming activity may be at risk from cyberattacks carried out by hackers associated with China’s Ministry of State Security. A recent study by Insikt Group reveals that governments, telecommunications companies, and even online gambling operators in at least 17 countries have fallen victim to these attacks.
The Insikt Group has been investigating RedHotel, a cyber-espionage organization allegedly supported by China. This group is known for conducting advanced malware attacks and espionage missions targeting nations in Southeast Asia and Asia. Their activities extend to online gambling platforms as well.
A Hidden Global Threat
RedHotel is supported by the Chinese state and plays a significant role in advancing its interests globally. It has targeted political entities and online gaming enterprises, among other organizations. Tech giants Microsoft and SecureWorks are also monitoring its activities.
Their victims include pro-democracy organizations in Hong Kong, research institutions in Taiwan, religious minorities, and even online gaming enterprises. RedHotel has even hacked into a US state government and engages in intelligence gathering and economic espionage.
The group is believed to operate from Chengdu, China, and is just one of several supported by the Chinese government. The aim of these efforts is to enhance their military capabilities and strengthen their economic power.
Although governments in Southeast Asia are at high risk, RedHotel is expanding its focus to domains such as education, aviation, media, communications, and research and development.
The Insikt Group states that the group’s main objective is collecting information and engaging in financial spying. Various organizations have already conducted investigations into their cyberattacks since 2019.
In addition to targeting the US legislative body, RedHotel has previously attacked entities conducting scientific research on COVID-19. Recorded Future identifies RedHotel as “one of the most active and prolific Chinese state-sponsored groups”, targeting organizations across various industries worldwide.
Their Operation Tactics
Recorded Future reveals that Chengdu is a central hub for China’s advanced persistent threat (APT) activities. The group has connections with Chinese businessmen and local universities to further their cause.
“Based on historical precedent, we expect RedHotel to continue this activity unperturbed, with the group regularly displaying a high operational risk appetite in the face of public industry reporting,” warned Insikt Group.
Chinese hackers commonly deploy a range of malware, including both known and custom software, to make tracking more difficult.
RedHotel typically initiates its attacks by identifying vulnerable targets. For years, it has used malware disguised as legitimate Microsoft troubleshooting products on Windows systems.
Once the malware gains access, it starts to extract and transmit data to the group. The software remains on the system, continuously siphoning off information, sometimes for an extended period.
Recent reports suggest that government infrastructures are already compromised, with Chinese malware discovered on critical military systems. The highest levels of the Japanese government have also been infiltrated by China, according to The New York Times and The Washington Post.