Red Dev 17
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Red Dev 17 is a China-based threat actor first documented to be active in 2017, with PwC beginning to track their intrusions in 2021. This group primarily engages in cyberespionage, focusing on long-term persistence, reconnaissance, and data exfiltration to serve state interests. A distinguishing characteristic of Red Dev 17 is its operational methodology, which involves sharing capabilities and infrastructure with other Chinese-linked threat actors like Red Hariasa (FunnyDream APT), Red Wendigo (Icefog/RedFoxtrot), and groups associated with ShadowPad C2 servers, suggesting a collaborative cluster rather than a fully independent operation. The group is highly probable to be responsible for the Operation NightScout campaign. Their targeting initially focused on military, technology, and energy sectors in India, and broader regions of Southeast and Central Asia, later expanding to include government entities, political organizations, individual citizens, and civil society worldwide.
Paises objetivo (SOCRadar)
Andorra
United Arab EmiratesAfghanistanAlbania
Armenia
Argentina
Austria
Australia
Azerbaijan
Bangladesh
Sectores objetivo (SOCRadar)
Construction of BuildingsSoftware PublishersAccommodationAir TransportationManufacturingConstructionPublic AdministrationOil & GasEducational ServicesWholesale Trade