China-linked hackers suspected of hacking attempts against NGOs

Amnesty International, the International Federation for Human Rights (FIDH), Tibetan human rights activists as well as foreign ministries… NEW A report from the computer security company Recorded Future Details of organizations that have been targeted by RedAplha over the past three years, a group of hackers allegedly working on behalf of the Chinese government.

The existence of RedAplha, which has been raging since at least 2015, was revealed in 2018 by Citizen Lab . report from the University of Toronto, who discovered his trail about sites that seek to steal passwords for Tibetans.

The methods used by the group are classic: they register a large number of domain names Similar to those used by his targetsthen sends out mass-clicking on those links, as Internet users wait for a fake site that mimics the legitimate one.

Limited means

The relatively basic methods used and the use of low-cost Internet services indicate that this organization has limited resources. According to Recorded Future, this group prefers efficiency over invisibility and has doubled down on top-notch operations rather than launching more targeted ones.

Recorded Future has been able to link several used domain name purchases in an attempt to deceive Internet users, through a series of technical indicators and email addresses used to purchase suspicious domain names. Among the specific targets, in addition to human rights organizations, are Radio Free Asia, the US State Department-funded media, several research groups, the Ministries of Foreign Affairs (in Portugal and Vietnam) and several organizations in Taiwan, including the American Institute. In Taiwan, which serves as the US embassy on the island.

Lots of organizations Among the interests of the Chinese governmentwrites about the company, which believes the group may be a subcontractor to Beijing, and not a direct spin-off of Chinese military or counterintelligence.