Cyber Threat Actor: Red Rabbit Team
| Actor Type | Location | Known Incidents |
Criminal
|
China
|
1 incident |
|---|
Profile
Red Rabbit Team is a threat actor groupthat has been referenced in public reports under that alias and is associated with a location in China according to available information. The group first came to attention through claims made against Indian telecommunications provider Airtel in early 2021, where it asserted possession of subscriber data and potential system access. Over a period of fifteen months the group made varying statements about the scope of its alleged compromises, though it never provided verifiable evidence of a nationwide database breach. Its activity has also been noted in relation to a Malaysian e‑payment provider, where account details appeared for sale on a forum.
The group’s targeting appears to focus on telecommunications and digital payment services, with incidents reported in India and Malaysia. In the Airtel case the alleged exposure was limited to subscriber information from the Jammu and Kashmir region, according to the group’s own video of a subscriber portal. The Malaysian incident involved user account data from a specific payment system operated by E‑Pay Malaysia, which the parent company stated was isolated to that service. No other sectors or geographic areas are explicitly mentioned in the sources. Observed tactics include posting videos of portal interfaces, claiming shell upload capabilities, and sharing allegedly stolen data on underground forums and marketplace platforms. The group has been described as making inconsistent claims and providing inaccurate data from specific regions while failing to demonstrate proof of broad infrastructure access. No specific malware families, exploit tools, or initial access vectors are detailed in the available material.
Public attribution does not extend beyond the geographic hint of China, and no state sponsorship or criminal consortium links are explicitly established in the reporting. The most notable publicly reported operations involve the disputed Airtel subscriber data allegations and the listing of Malaysian e‑payment provider accounts for sale, both of which remain unresolved regarding the actual extent of any compromise.
