Menu
Browse

Cyber Threat Actor: RedFoxTrot

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Nation State
China
3 incidents
Profile

RedFoxTrot, also known as RedFoxtrot, is a China-linked state-sponsored threat actor associated with cyber operations targeting entities across South and Central Asia. Public reporting attributes this group to a Chinese military intelligence unit based in Urumqi, northwestern China. The actor demonstrates a consistent focus on intelligence gathering aligned with strategic national interests, particularly in regions of geopolitical significance to China. Its operations frequently intersect with other Chinese advanced persistent threat (APT) clusters, including TAG-28 and Calypso APT, though it maintains distinct infrastructure and targeting patterns.

The group primarily targets government, defense, telecommunications, and media sectors, with concentrated activity against Indian and Afghan entities. Notable campaigns include the February 2021 compromise of India’s Unique Identification Authority (UIDAI), where attackers exfiltrated biometric data such as fingerprints and retina scans from the Aadhaar database. This operation aimed to harvest bulk personally identifiable information (PII) for strategic intelligence purposes, including potential artificial intelligence training datasets and social engineering enablement. In the same timeframe, RedFoxTrot breached Bennett Coleman And Co Ltd (BCCL), India’s largest media conglomerate, exfiltrating approximately 500 MB of data that risked exposing journalistic sources and unpublished content. Historical operations include a July 2020 intrusion against Afghan telecommunications provider Roshan, where the group compromised mail servers to access sensitive communications, reflecting an interest in critical infrastructure supporting China’s regional initiatives. Technical reporting indicates collaboration with other Chinese APT groups employing shared backdoors like PlugX, though specific malware attributed solely to RedFoxTrot remains unspecified in open sources. The actor’s persistent focus on biometric databases and media narrative influence underscores its role in supporting China’s intelligence and geopolitical objectives.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
2 sources