When you play at an online casino, someone might be watching you. According to a recent study, at least 17 different countries have experienced cyberattacks against their governments, telecommunications firms, and even online gambling operators. Beginning in 2021, these were allegedly carried out by hackers connected to China's Ministry of State Security, a purportedly civilian intelligence agency. RedHotel, a sophisticated cyber-espionage organization purportedly supported by China, has been the subject of analysis by the team at Insikt Group, a threat research division within the international threat analysis company Recorded Future. The organization is well-known for planning a variety of sophisticated malware attacks and espionage missions against numerous countries in Southeast Asia and Asia.

In a wide variety of countries, including Afghanistan, Bangladesh, Cambodia, Hong Kong, India, Malaysia, Palestine, the Philippines, Thailand, Taiwan, the United States, and Vietnam, Recorded Future discovered a network. The hackers' primary targets were important political organizations, but it appears that they also targeted online gambling sites.

Unknown Global Threat

The report's coauthor and head of Recorded Future's Strategic and Persistent Threats team, Jon Condra, emphasized RedHotel's significant function as a fierce supporter of the Chinese government. Its support encompasses various industry verticals and numerous organizations across the globe. The group is tracked by SecureWorks and Microsoft as well. 

Pro-democracy groups in Hong Kong, Taiwanese research facilities, religious minorities, even online gaming companies are among its alleged victims. Condra notes that RedHotel regularly engages in "intelligence gathering in tandem with economic espionage" and that the company breached the government of an unnamed U.S. state in 2022.

The group, he continues, is just one of many that the Chinese government supports and is probably based in Chengdu, China. All of these initiatives help China strengthen its military prowess and maintain its economic dominance.

Southeast Asian governments are in grave danger from the group. RedHotel is reportedly shifting its focus to a variety of industries, including media, communications, research and development, aviation, education, and media.

According to researchers, the group's primary goals are to gather data and carry out financial espionage. They also mention that numerous other businesses have looked into the group's cyberattacks since 2019.

The group has previously concentrated on organizations that were carrying out scientific research on COVID-19 in addition to attempting to gain access to legislative bodies in the U.S. RedHotel is "one of the most active [and] prolific Chinese state-sponsored groups that [Recorded Future tracks]," according to Condra, and it targets businesses worldwide in many different industry verticals.

How RedHotel Functions

According to Recorded Future, Chengdu has become the hub for China's advanced persistent threat (APT) initiatives. 

In order to further their cause, the groups allegedly have significant connections with Chinese businessmen and regional universities.

With the group frequently exhibiting a high operational risk appetite in the face of public industry reporting, we anticipate RedHotel to carry on with this activity unabated, based on historical precedent, warned Insikt Group.

In their attacks, Chinese hackers frequently use a variety of malware, including popular software that security experts have already recognized. Additionally, they employ unique malware that can occasionally be harder to find.

RedHotel will start by attempting to locate a target that is vulnerable to an assault. According to Recorded Future, it was able to use malware for years that Windows operating systems mistook for a genuine Microsoft troubleshooting tool.

The malware begins to retrieve data and send it to the group as soon as it gains access. Even "for months or even years after public reporting," the software continues to operate on the system and removes data as quickly as it can.

This week, reports surfaced that indicated government infrastructures may already be at risk. Chinese malware has reportedly been discovered on "critical" military systems, according to The New York Times. China has also penetrated the "highest levels" of the Japanese government, according to The Washington Post.