China's Long-Term, Low-Budget Hacks Of Human Rights Groups Are Infuriating
RedAlpha targets humanitarian and human rights organizations that seek to uncover and end China’s human rights abuses against the Uyghurs, Tibetans, and other ethnic and religious minority groups in China. The group has also more recently expanded its scope to target political, government, and think tank organizations in the democratic country of Taiwan. The Chinese Communist Party (CCP) denies Taiwan’s claim to independence and may be preparing to forcibly subsume the small country under its rule. RedAlpha may be assisting in this preparation by gathering intelligence through cyber-espionage.
In many cases, visitors to these domains found login portals mimicking those of the specific organizations being targeted. Anyone who fell for these imitations and entered their login credentials risked granting RedAlpha unauthorized access to their organizations’ online systems. While this credential theft campaign is clearly malicious and reprehensible, it’s a lower budget and less sophisticated cyber-espionage effort than we’ve seen from other Chinese state-sponsored hackers.
We’ve reported this year on more widespread cyber-espionage campaigns that rely on malware and vulnerability exploits to steal intellectual property, snoop on network traffic, and install backdoors in target systems. Researching vulnerabilities, developing exploits, and deploying malware in a targeted manner can be more labor intensive than registering domains and copying login portals. However, this comparison doesn’t make RedAlpha’s campaign any less sinister.