{ "id": "5d90c38e-b4f6-4dfa-9f25-e4548fec7717", "created_at": "2026-04-06T00:20:13.308135Z", "updated_at": "2026-04-10T03:32:35.131934Z", "deleted_at": null, "sha1_hash": "cfec5eac563b4b3586ca53dee55d18418cbcfd04", "title": "Recorded Future", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 45945, "plain_text": "Recorded Future\r\nArchived: 2026-04-05 22:42:58 UTC\r\nThreat Activity Group RedFoxtrot Linked to Chinese Military Targets Bordering\r\nAsian Countries\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore\r\nmagna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo\r\nconsequat. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et\r\ndolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea\r\ncommodo consequat. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt\r\nut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut\r\naliquip ex ea commodo consequat.\r\nInsikt Research Report\r\nUsing a combination of large-scale, automated network traffic analytics and expert analysis, Recorded Future’s\r\nInsikt Group has identified ties between a suspected Chinese state-sponsored threat activity group tracked as\r\nRedFoxtrot and the Chinese military intelligence apparatus, People's Liberation Army (PLA) Unit 69010, located\r\nin Ürümqi, Xinjiang.\r\nhttps://go.recordedfuture.com/redfoxtrot-insikt-report\r\nPage 1 of 4\n\nThe cyber activity of the PLA has largely been a black box for the intelligence community since its 2015\r\norganizational restructuring. Since then, public reporting has largely concentrated on groups linked to China’s\r\nMinistry of State Security. This breakthrough report changes that, providing a rare glimpse into PLA cyber\r\nespionage operations.\r\nDetails revealed in this Insikt Group report include:\r\nA rare glimpse into PLA Unit 69010 cyber espionage operations and links that tie activity back to specific\r\nindividuals.\r\nSpecifics on network intrusions targeting aerospace and defense, government, telecommunications, mining,\r\nand research organizations in bordering Asian countries.\r\nDetails into PLA operational infrastructure that has employed both bespoke and publicly available malware\r\nfamilies commonly used by Chinese cyber espionage groups.\r\nReady to get started? Sign up now!\r\nRecommended Content\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore\r\nmagna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo\r\nconsequat.\r\nUt Enim Minima\r\nSed ut perspiciatis unde omnis iste natus error sit voluptatem!\r\nhttps://go.recordedfuture.com/redfoxtrot-insikt-report\r\nPage 2 of 4\n\nSed ut perspiciatis\r\nSed ut perspiciatis unde omnis iste natus error sit voluptatem!\r\nError sit voluptatem!\r\nSed ut perspiciatis unde omnis iste natus error sit voluptatem!\r\nConsectetur adipiscing elit...\r\nhttps://go.recordedfuture.com/redfoxtrot-insikt-report\r\nPage 3 of 4\n\nLorem C.\r\n\"Et harum quidem rerum facilis est et expedita distinctio!\"\r\nIpsem T.\r\n\"Et harum quidem rerum facilis est et expedita distinctio!\"\r\nAoeren T.\r\n\"Et harum quidem rerum facilis est et expedita distinctio!\"\r\nSource: https://go.recordedfuture.com/redfoxtrot-insikt-report\r\nhttps://go.recordedfuture.com/redfoxtrot-insikt-report\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://go.recordedfuture.com/redfoxtrot-insikt-report" ], "report_names": [ "redfoxtrot-insikt-report" ], "threat_actors": [ { "id": "1aead86d-0c57-4e3b-b464-a69f6de20cde", "created_at": "2023-01-06T13:46:38.318176Z", "updated_at": "2026-04-10T02:00:02.925424Z", "deleted_at": null, "main_name": "DAGGER PANDA", "aliases": [ "UAT-7290", "Red Foxtrot", "IceFog", "RedFoxtrot", "Red Wendigo", "PLA Unit 69010" ], "source_name": "MISPGALAXY:DAGGER PANDA", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "bbb1ee4e-bbe9-44de-8f46-8e7fec09f695", "created_at": "2022-10-25T16:07:24.120424Z", "updated_at": "2026-04-10T02:00:04.871598Z", "deleted_at": null, "main_name": "RedFoxtrot", "aliases": [ "Moshen Dragon", "Nomad Panda", "TEMP.Trident" ], "source_name": "ETDA:RedFoxtrot", "tools": [ "8.t Dropper", "8.t RTF exploit builder", "8t_dropper", "Agent.dhwf", "Chymine", "Darkmoon", "Destroy RAT", "DestroyRAT", "Fucobha", "GUNTERS", "Gen:Trojan.Heur.PT", "Icefog", "Impacket", "Kaba", "Korplug", "PCShare", "POISONPLUG.SHADOW", "PlugX", "Poison Ivy", "RedDelta", "RoyalRoad", "SPIVY", "ShadowPad Winnti", "Sogu", "TIGERPLUG", "TVT", "Thoper", "XShellGhost", "Xamtrav", "pivy", "poisonivy" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434813, "ts_updated_at": 1775791955, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/cfec5eac563b4b3586ca53dee55d18418cbcfd04.pdf", "text": "https://archive.orkl.eu/cfec5eac563b4b3586ca53dee55d18418cbcfd04.txt", "img": "https://archive.orkl.eu/cfec5eac563b4b3586ca53dee55d18418cbcfd04.jpg" } }