Threat Intelligence

Suspected Chinese cyberespionage campaign has global reach


High-profile government and private organizations in the Americas, Asia, Africa, and Oceania have been targeted by the suspected Chinese cyberespionage operation RedNovember, also known as Storm-2077, as part of an attack campaign that ran from June 2024 to July 2025, The Hacker News reports. Intrusions by RedNovember, which are believed to have impacted at least two U.S. defense contractors, a European government directorate, and other organizations in the defense, aerospace, and legal services sectors, involved the compromise of vulnerable VPNs, firewalls, and other security solutions with Pantegana and Spark RAT, according to a Recorded Future analysis. Aside from leveraging a LESLIELOADER variant to deploy Spark RAT and Cobalt Strike Beacons, RedNovember has also exploited ExpressVPN and other VPN services to enable communications with Pantegana, Spark RAT, and Cobalt Strike. "RedNovember has historically targeted a diverse range of countries and sectors, suggesting broad and changing intelligence requirements," said Recorded Future researchers.
