| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Recorded Future’s Insikt Group has identified a large cluster of new operational infrastructure associated with use of the custom Windows and Linux backdoor KEYPLUG. We attribute this activity to a threat activity group tracked as RedGolf, which is highly likely to be a Chinese state-sponsored group. RedGolf closely overlaps with threat activity reported in open sources under the aliases APT41/BARIUM and has likely carried out state-sponsored espionage activity in parallel with financially motivated operations for personal gain from at least 2014 onward.
There are currently no families associated with this actor.
| 2023-03-30
⋅
Recorded Future
⋅
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets KEYPLUG Cobalt Strike PlugX RedGolf |
| 2020-09-16
⋅
Department of Justice
⋅
Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally APT41 RedGolf |