11.Locks IsometricPattern Esm W900

It has been reported by the Recorded Future’s Insikt Group that RedGolf, a Chinese state-sponsored threat actor group, was using a backdoor designed especially for Windows and Linux systems called KEYPLUG to infiltrate networks.

As one of the world’s most prolific threat groups, RedGolf has been active against a variety of industries around the world for many years.

There is a history of this group developing and using a variety of custom malware families over the years. It has demonstrated an ability to weaponize newly reported vulnerabilities quickly.

During 2021 and 2022, RedGolf targeted US state government entities using KEYPLUG, a custom and modular Linux backdoor.

Several KEYPLUG samples and infrastructures that RedGolf used from at least 2021 until 2023 have been identified by Insikt Group.