Who is Operation Red Signature?

Operation Red Signature is a threat actor attributed to CN. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Operation Red Signature exploit?

Specific CVE exploitation data for Operation Red Signature is being tracked. Check the Strobes VI threat actor profile for updates.

Operation Red Signature

Exploited CVEs

Overview

The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT to their targets of interest through the update process. They carried this out by first stealing the company’s certificate then using it to sign the malware. They also configured the update server to only deliver malicious files if the client is located in the range of IP addresses of their target organisations.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions