📃Title: Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
📅Date: 2024-06-24

Description

The Chinese state-sponsored cyber-espionage group RedJuliett continues to target Taiwanese government and academic organizations, technology companies and de facto embassies, according to a new report from Insikt Group.

🔖MISP Galaxies:

  • producer Recorded-Future
  • target-information="Taiwan"
  • target-information="Kenya"
  • target-information="Rwanda"
  • target-information="China"
  • target-information="Hong Kong"
  • target-information="Malaysia"
  • target-information="South Korea"
  • target-information="United States"
  • target-information="Djibouti"
  • threat-actor RedJuliett
  • sector="Academia - University"
  • sector="Diplomacy"
  • sector="Government, Administration"
  • sector="Technology"
  • target-information="Laos"
  • country="china"
  • mitre-attack-pattern=['T1068', 'T1133', 'T1190', 'T1505', 'T1583', 'T1584', 'T1595', 'T1583.003', 'T1595.002', 'T1505.003']

MISP event uuid: 91ec5b1f-2db7-4fd0-b3f1-5896939d72d5

Indicators of Compromise (IoCs)


Full IOCs available in Rectifyq's MISP