"Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor"

RedGolf, a Chinese state-sponsored threat group, has been linked to the use of KEYPLUG, a custom backdoor with both Windows and Linux variants. According to Recorded Future, RedGolf is a prolific Chinese state-sponsored threat actor group that has likely been targeting companies around the world for many years. The group has demonstrated the ability to quickly weaponize newly disclosed vulnerabilities such as Log4Shell and ProxyLogon, and it has a history of creating and deploying various custom malware families. The threat actors' use of KEYPLUG was first disclosed in March 2022 by Mandiant, in attacks against multiple US state government networks between May 2021 and February 2022. In October 2022, Malwarebytes detailed a separate wave of attacks against Sri Lankan government entities in early August that used a novel implant named DBoxAgent to deliver KEYPLUG. According to Recorded Future, Winnti, also known as APT41, Barium, Bronze Atlas, or Wicked Panda, closely overlaps with RedGolf in each of these campaigns. This article continues to discuss findings regarding the RedGolf group.

THN reports "Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor"