Targets Government, Defense, and Technology Organizations

Sept. 24, 2025, 8:08 p.m.

Description

RedNovember, a Chinese state-sponsored threat group, has expanded its cyber-espionage activities globally. The group targets high-profile government, intergovernmental, and private sector organizations, focusing on defense, aerospace, and technology sectors. It uses the Go-based backdoor Pantegana and Cobalt Strike for intrusions, exploiting vulnerabilities in perimeter appliances. RedNovember's tactics include combining weaponized proof-of-concept exploits with open-source tools, allowing for scalable operations and attribution obfuscation. The group has shown particular interest in targets across the US, Taiwan, South Korea, and Panama, often aligning its activities with geopolitical events and Chinese strategic interests.

Date

  • Created: Sept. 24, 2025, 5:18 p.m.
  • Published: Sept. 24, 2025, 5:18 p.m.
  • Modified: Sept. 24, 2025, 8:08 p.m.

Attack Patterns

Additional Information

  • Aerospace
  • Technology
  • Energy
  • Defense
  • Transportation
  • Finance
  • Government
  • Manufacturing
  • Panama
  • Fiji
  • Taiwan
  • United States of America