
"RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June 2024 and July 2025, exploiting buggy internet-facing appliances to deploy a Go-based backdoor called Pantegana and other offensive security tools, including Cobalt Strike and SparkRAT. This information comes via a threat report from Recorded Future's Insikt Group researchers, who previously tracked the crew as TAG-100, and noted that the Chinese snoops overlap with a group that Microsoft tracks as Storm-2077."
"Between H2 2024 and H2 2025, RedNovember compromised, targeted, and reconnoitered organizations on a global scale, the security analysts wrote. In particular, RedNovember heavily targeted organizations in the US, Taiwan, and South Korea, and, in April 2025, it focused its reconnaissance on over 30 Panamanian government organizations. The timing of the observed reconnaissance closely followed US Defense Secretary Pete Hegseth's visit to Panama in early April 2025,"
RedNovember is a Chinese state-sponsored cyberspy group that targeted government and critical private-sector networks globally between June 2024 and July 2025. The group exploited buggy internet-facing appliances to install a Go-based backdoor called Pantegana and used offensive security tools such as Cobalt Strike and SparkRAT. Victims were concentrated in aerospace and defense, government, and professional services, and reconnaissance in April 2025 focused on two American oil and gas companies. Operations heavily targeted organizations in the US, Taiwan, and South Korea, and April 2025 reconnaissance covered more than 30 Panamanian government organizations. Recorded Future’s Insikt Group previously tracked the crew as TAG-100 and noted that it overlaps with the group Microsoft tracks as Storm-2077.
#chinese-state-sponsored #cyberespionage #pantegana-backdoor #panama-reconnaissance #aerospace--defense
Read at The Register