Threat Activity Group RedFoxtrot Linked to Chinese Military Targets Bordering Asian Countries

Insikt Research Report

Using a combination of large-scale, automated network traffic analytics and expert analysis, Recorded Future’s Insikt Group has identified ties between a suspected Chinese state-sponsored threat activity group tracked as RedFoxtrot and the Chinese military intelligence apparatus, People's Liberation Army (PLA) Unit 69010, located in Ürümqi, Xinjiang.

The cyber activity of the PLA has largely been a black box for the intelligence community since its 2015 organizational restructuring. Since then, public reporting has largely concentrated on groups linked to China’s Ministry of State Security. This breakthrough report changes that, providing a rare glimpse into PLA cyber espionage operations.

Can't see the form? You may have a browser extension blocking it. Please allow this page to load so you can submit the form.

You can unsubscribe from our communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

Details revealed in this Insikt Group report include:

A rare glimpse into PLA Unit 69010 cyber espionage operations and links that tie activity back to specific individuals.
Specifics on network intrusions targeting aerospace and defense, government, telecommunications, mining, and research organizations in bordering Asian countries.
Details into PLA operational infrastructure that has employed both bespoke and publicly available malware families commonly used by Chinese cyber espionage groups.