Operation Red Signature
Intelligence Profile
The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organisations.
Threat Analysis
Operation Red Signature is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of unknown activity patterns.
Known Campaigns
Operation Red Signature is a unknown-motivation threat actor attributed to China. The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign ...