Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10
Logo del actor de amenaza Red Dev 17

Red Dev 17

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Ver en IntelTracker → APTTrail →
Red Dev 17 is a China-based threat actor first documented to be active in 2017, with PwC beginning to track their intrusions in 2021. This group primarily engages in cyberespionage, focusing on long-term persistence, reconnaissance, and data exfiltration to serve state interests. A distinguishing characteristic of Red Dev 17 is its operational methodology, which involves sharing capabilities and infrastructure with other Chinese-linked threat actors like Red Hariasa (FunnyDream APT), Red Wendigo (Icefog/RedFoxtrot), and groups associated with ShadowPad C2 servers, suggesting a collaborative cluster rather than a fully independent operation. The group is highly probable to be responsible for the Operation NightScout campaign. Their targeting initially focused on military, technology, and energy sectors in India, and broader regions of Southeast and Central Asia, later expanding to include government entities, political organizations, individual citizens, and civil society worldwide.

Actores similares

weredevilsactor · 1WeRedEvilsapt · 0devmanransomware · 184redalertransomware · 2redransomwareransomware · 2Scattered Spideractor · 2redactactor · 2Scattered Lapsus$ Huntersthreat-actor · 1redcontroleactor · 1apt-redbaldknightactor · 1
Tecnicas MITRE
T1221, T1203, T1071, T1583, T1105, T1559.002
CVEs relacionadas
CVE-2025-5419, CVE-2025-48572, CVE-2025-33073, CVE-2025-33053, CVE-2025-3248, CVE-2025-31324
Tipo
apt
Pais origen
CN
Motivacion
-
Impacto
116
Actualizado
Mon, 13 Ap

Paises objetivo (SOCRadar)

AndorraUnited Arab EmiratesAfghanistanAlbaniaArmeniaArgentinaAustriaAustraliaAzerbaijanBangladesh

Sectores objetivo (SOCRadar)

Construction of BuildingsSoftware PublishersAccommodationAir TransportationManufacturingConstructionPublic AdministrationOil & GasEducational ServicesWholesale Trade