RedAlpha, a hacker group thought to be backed by the Chinese government, reportedly carried out mass attacks on humanitarian activists, think tanks and a number of state institutions within a year. The group reportedly succeeded in gaining access to the email accounts and chat communications of its victims, both personal and institutional.
Citizen Lab first reported on this hacker group in January 2018. Since then, the group has continued carrying out espionage, surveillance and information theft against Tibetan and Indian targets using a malware backdoor known as njRAT.
Since then, the group's malicious activity has involved weaponizing as many as 350 domains that spoof legitimate entities such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA) and the American Institute in Taiwan (AIT), among others.
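Spoofed domains of this kind can be caught on the defender's side by comparing newly registered or newly observed domains against the brands an organization cares about. The following is an added example written for this article, not code from the report or from any tool it mentions: it reduces each domain to an ASCII "skeleton" (dropping IDN code points, hyphens and common digit-for-letter swaps) and scores its similarity to a reference list. The reference domains, the suffix table and the sample of observed domains are all constructed assumptions for the example, not indicators from any report.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed reference list of legitimate domains for the organizations the
# article names. These are assumptions for this example, not indicators.
LEGIT_DOMAINS = {
    "fidh.org": "FIDH",
    "amnesty.org": "Amnesty International",
    "merics.org": "MERICS",
    "rfa.org": "Radio Free Asia",
    "ait.org.tw": "American Institute in Taiwan",
}

# Public suffixes stripped before comparing the registrable label.
# A production tool would use the full Public Suffix List instead.
SUFFIXES = ("org.tw", "com.tw", "co.uk", "com", "org", "net", "info", "tw", "cn")

# Character swaps commonly used to imitate Latin letters.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def registrable_label(domain: str) -> str:
    """'mail.fidh.org' -> 'fidh'; 'ait.org.tw' -> 'ait'."""
    host = domain.lower().strip(".")
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suffix):
            host = host[: -len(suffix) - 1]
            break
    return host.split(".")[-1]


def skeleton(label: str) -> str:
    """Reduce a label to an ASCII skeleton: NFKD-fold, drop any remaining
    non-ASCII (IDN) code points, remove hyphens, undo common homoglyph swaps."""
    text = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    text = text.replace("-", "")
    for fake, real in HOMOGLYPHS.items():
        text = text.replace(fake, real)
    return text


def classify(domain: str, threshold: float = 0.8):
    """Return (organization, score) for the legitimate brand a domain most
    closely imitates, or None if it is the genuine domain or resembles nothing."""
    if domain.lower().strip(".") in LEGIT_DOMAINS:
        return None
    label = registrable_label(domain)
    cand = skeleton(label)
    tokens = {skeleton(t) for t in label.split("-")}  # hyphen-separated parts
    best = None
    for legit, org in LEGIT_DOMAINS.items():
        ref = skeleton(registrable_label(legit))
        score = SequenceMatcher(None, cand, ref).ratio()
        if ref in tokens:  # brand embedded as its own token, e.g. rfa-news
            score = max(score, 0.9)
        if score >= threshold and (best is None or score > best[1]):
            best = (org, round(score, 3))
    return best


def triage(domains):
    """Map each observed domain to its verdict; None means not a lookalike."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    # Constructed sample of observed domains (e.g. from a new-registration
    # feed or passive DNS); "amn\u0435sty" uses a Cyrillic e.
    sample = ["rfa.org", "fidh.org.tw", "arnnesty.org", "amnesty-login.net",
              "amn\u0435sty.org", "merics0rg.com", "example.com"]
    for dom, verdict in triage(sample).items():
        print(f"{dom:20} -> {verdict}")
```

The embedded-token rule is deliberately restricted to hyphen-separated parts so that a short brand label such as "rfa" does not fire on unrelated words that happen to contain it; lowering the threshold or using a better distance metric trades more recall for more false positives, and any hit still needs a human look at registration date and hosting before it is blocked.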
Some of the early attacks began with phishing emails carrying malicious PDF files that directed the victim to a spoofed website address, modified in such a way as to collect and steal the victim's data.
The RedAlpha cluster further appears to be connected to a Chinese information security company known as Jiangsu Cimer Information Security Technology Co. Ltd. (formerly Nanjing Qinglan Information Technology Co., Ltd.), underscoring the continued use of private contractors by intelligence agencies in the country.