RedFoxtrot has been active since 2014 and primarily targets defense, aerospace, government, telecommunications, mining and research organizations in India among others.
The other countries are Afghanistan, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan and Uzbekistan, a target set that falls within the operational mandate of PLA Unit 69010.
Recorded Future, the world’s largest provider of enterprise security intelligence, on Thursday revealed cyber espionage activity attributed to a suspected Chinese government-sponsored threat activity group, named RedFoxtrot by the China Threat Investigation Division.
The links between RedFoxtrot’s activities and Chinese military intelligence, specifically People’s Liberation Army (PLA) Unit 69010 within the Strategic Support Force (SSF), provide a rare glimpse into SSF operations following the PLA restructuring in 2015.
Network traffic analysis and expert analysis identified the intrusions. Active since 2014, RedFoxtrot mainly targets aerospace and defense, government, telecommunications, mining and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan and Uzbekistan. It relies on a large amount of operational infrastructure and has used custom and publicly available malware families commonly used by Chinese cyber espionage groups.
RedFoxtrot’s activities overlap with threat groups tracked by other security vendors as Temp.Trident and Nomad Panda.
Recorded Future judges with high confidence that RedFoxtrot is a Chinese government-sponsored threat activity group, based on identified links to a particular PLA entity and on shared custom capabilities that are believed to be unique to Chinese cyber espionage groups.
“The recent activity of the People’s Liberation Army has been largely a black box for the intelligence services. The ability to provide this rare end-to-end view of PLA activity and Chinese military tactics and motives provides invaluable intelligence on the global threat landscape.
“Continuous and extensive monitoring and information gathering are critical to disrupting adversaries and informing the security situation of an organization or government,” said Christopher Ahlberg, CEO and co-founder of Recorded Future.