Communist China-backed Hacking Group Spies on Multiple Governments and Institutions

A hacking group allegedly backed by the government of Communist China has been attacking governments, NGOs, news publications, and think tanks worldwide, including India’s National Informatics Centre (NIC). The hacking group sends them emails that are used to steal their login accounts once opened.

The group known as RedAlpha has been stealing login data of the NIC, which manages the wider IT infrastructure and services for the Indian government. The hacking group weaponized at least 350 domains last year alone.

This hacking group, sponsored by Communist China, deceived organizations that belonged to the CCP’s strategic interests. The organizations included the International Federation for Human Rights (FIDH), Amnesty International, Mercator Institute for the Study of Communist China (MERICS), Radio Free Asia (RFA), American Institute in Taiwan (AIT), and other global governments, think tanks, and humanitarian organizations.

According to a cybersecurity firm Recorded Future report, the group also directly targets ethnic and religious minorities, including individuals and organizations in Tibetan and Uighur communities.

RedAlpha has also shown a particular interest in Taiwan’s political, government, and think-tank organizations in recent years, the report said, possibly to gather political intelligence.

The hacking group based in Communist China targets individuals via emails containing abusive PDF files with links to phishing websites, often stating that users need to click on the links to preview or download the files.