Tuesday, April 23, 2024
Chinese hackers, possibly backed by the state, remain active

BANGKOK — A Chinese hacking group, believed to be state-sponsored and previously linked to attacks on the computer networks of various US state authorities, remains very active. Its operations are aimed at a wide range of targets that may be of strategic interest to the Chinese government and intelligence agencies.

This is according to a report published Thursday by the American private security company Recorded Future.

The activity of the hacker group, which is called RedGolf in the report, overlaps heavily with that of groups tracked by other companies under the names APT41 and BARIUM. Therefore, it can be assumed that they are the same group or that they are very closely related, said John Kondra, director of strategic and persistent threats at Insikt Group, a division of Recorded Future.

“We believe this activity is likely for intelligence rather than financial gain, as it overlaps with previously reported cyber espionage campaigns,” Kondra told The Associated Press in an interview.

The Chinese Foreign Ministry has denied Recorded Future’s allegations.

“This company has repeatedly provided false information about so-called ‘Chinese hacker attacks’ in the past. It deals with baseless and fabricated accusations,” the agency said.

Chinese authorities consistently deny any form of state-sponsored hacking, insisting that China itself is the main target of cyberattacks.

The APT41 group was featured in a 2020 US Department of Justice indictment. The document accuses Chinese hackers of attacking more than 100 companies and institutions in the United States and other countries, including social media, universities and telecommunications service providers.

In its analysis, Insikt Group said it found evidence that RedGolf “remains very active” across a range of countries and industries, “targeting aviation, automotive, education, government, media, computing and religious organizations.”

Insikt Group did not name specific victims of RedGolf, but said it was able to trace attempts to scan for and exploit vulnerabilities in various industries using the KEYPLUG malware, which is also used by APT41.

Insikt Group said it was able to identify other malicious tools used by RedGolf in addition to KEYPLUG, “all of which are frequently used by many Chinese state-sponsored groups.”

In 2022, security firm Mandiant reported that APT41 was responsible for hacking government networks in at least six US states. The KEYPLUG program was also used for this.

Cyber-intelligence companies use a variety of tracking techniques and often refer to the threats they identify in different ways. However, Kondra said that APT41, BARIUM, and RedGolf “likely belong to the same group of actors or factions” due to similarities in their network infrastructure, tactics, methods, and procedures.

News Room