Introduction
RedEcho is a Peopleβs Republic of China-related threat actor associated with long-running intrusions in Indian critical infrastructure entities. RedEcho overlaps with various other PRC-linked threat groups, such as APT41, and is linked to ShadowPad malware use through shared infrastructure. RecordedFuture RedEcho 2021 RecordedFuture RedEcho 2022
Activities and Tactics
Country of Origin: π¨π³ China
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
- T1568 Dynamic Resolution
- T1071.001 Web Protocols
- T1571 Non-Standard Port
- T1573.002 Asymmetric Cryptography
- T1583.001 Domains
ATT&CK technique IDs (denormalized)
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- China Chopper:
- CyberGate:
- Cyber Eye RAT:
MITRE ATT&CK Software
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
[1] mitre-attack [2] RecordedFuture RedEcho 2021 Recorded Future Insikt Group. (2021, February). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved November 21, 2024. [3] RecordedFuture RedEcho 2022 Recorded Future Insikt Group. (2022, April 6). Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group. Retrieved November 21, 2024.