A string of cyber espionage campaigns dating all the way back to 2014 and focused on gathering military intelligence from neighbouring countries have been linked to a Chinese military-intelligence apparatus.
In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm’s Insikt Group said it identified ties between a group it tracks as “RedFoxtrot” and the People’s Liberation Army (PLA) Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country.
Previously called the Lanzhou Military Region’s Second Technical Reconnaissance Bureau, Unit 69010 is a military cover for a Technical Reconnaissance Bureau (TRB) within China’s Strategic Support Force (SSF) Network Systems Department (NSD).
The connection to PLA Unit 69010 stems from what the researchers said were “lax operational security measures” adopted by an unnamed suspected RedFoxtrot threat actor, whose online persona disclosed the physical address of the reconnaissance bureau and has had a history of affiliating with the PLA’s former Communications Command Academy in Wuhan.
RedFoxtrot is noted to target government, defense,…