A cluster of Chinese threat groups known as “Crimson Palace” is carrying out attacks on Asian governments to steal their secrets. The threat clusters are based out of the People’s Republic of China and have compromised at least a dozen targets, one of which was a Southeast Asian government organization. Operation Crimson Palace has been active all year and consists of three clusters of threat actors. The operation uses a team-based approach in its cyber heists, with each of the three arms playing a specific role in the wider attack chain. This strategy lets each arm focus on a specific task and allows the groups to work on different compromises at the same time. Using this strategy, Crimson Palace successfully stole potentially sensitive data and materials from a Southeast Asian government agency.



