RedDelta Hackers Go After Religious and Political Entities
RedDelta is a name used to identify both a new piece of malware and the Advanced Persistent Threat (APT) group developing and operating it. According to cybersecurity experts, the RedDelta Malware shares many similarities with the PlugX RAT, which has been around for several years. However, the RedDelta hackers have applied significant updates to the payload in an attempt to evade security features and to gain broader access to the compromised network.
It is not clear what region the RedDelta hackers operate from, but researchers suspect that they may be a China-based threat actor. The identity of their victims, however, has already been revealed: the criminals have targeted high-value Italian and Hong Kong political targets, as well as religious organizations.
The RedDelta hackers likely study their targets closely, since they use specially crafted phishing emails to deliver malicious documents. The emails are often addressed to high-ranking employees in the targeted organizations, and the attached documents may look legitimate at first sight. This has greatly amplified the success of RedDelta's campaign.
The RedDelta Malware was often deployed before the victim was infected with a copy of the Cobalt Strike beacon, a component of a legitimate penetration testing framework that has been hijacked and modified by dozens of cybercrime organizations. Despite the advanced and regularly updated payloads that the RedDelta hackers use, reputable antivirus software should be more than enough to deter attacks of this type.