RedDelta Group Targets Mongolia and Taiwan with Malware
China-linked RedDelta group targets Southeast Asia with PlugX malware. The RedDelta threat actor actively delivered a customized version of the PlugX backdoor to countries including Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia from July 2023 to December 2024. Using spear-phishing with lure documents related to regional events, RedDelta has reportedly compromised key entities such as the Mongolian Ministry of Defense and the Communist Party of Vietnam. The group, known for its sophisticated infection methods, has evolved its tactics by employing Visual Studio Code tunnels and leveraging Cloudflare to obscure command-and-control traffic. This resurgence in targeting aligns with China’s strategic interests, focusing on governments and organizations perceived as threats to the Communist Party’s authority.
