RedDelta Modified PlugX Infection Chain Operations · C0047 · state-contractor
🇨🇳 CN · MSS
aka RedDelta Modified PlugX Infection Chain Operations
Run by Mustang Panda
Last updated: 2026-07-03
About this actor
[RedDelta Modified PlugX Infection Chain Operations](https://attack.mitre.org/campaigns/C0047) was executed by [Mustang Panda](https://attack.mitre.org/groups/G0129) from mid-2023 through the end of 2024 against multiple entities in East and Southeast Asia. The campaign used phishing to deliver malicious files or links to users, prompting follow-on installer downloads that loaded [PlugX](https://attack.mitre.org/software/S0013) on victim machines in a persistent state. (Citation: Recorded Future RedDelta 2025)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| CM-2 | 20 / 36 | 56% |
| CM-6 | 20 / 36 | 56% |
| SI-3 | 20 / 36 | 56% |
| SI-4 | 20 / 36 | 56% |
| CM-7 | 16 / 36 | 44% |
| CA-7 | 15 / 36 | 42% |
| AC-4 | 13 / 36 | 36% |
| SC-7 | 12 / 36 | 33% |
| SI-10 | 12 / 36 | 33% |
| SI-7 | 12 / 36 | 33% |
| SI-2 | 11 / 36 | 31% |
| AC-3 | 10 / 36 | 28% |
| AC-6 | 8 / 36 | 22% |
| AC-2 | 7 / 36 | 19% |
| CM-8 | 7 / 36 | 19% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- LazyScripter 0.40
- BITTER 0.38
- Transparent Tribe 0.37
- APT19 0.36
- C0021 0.35
Same nation-state
- Night Dragon 1.00
- FunnyDream 1.00
- Operation Wocao 1.00
- C0017 1.00
- Cutting Edge 1.00
Same category
- C0017 1.00
- APT41 DUST 1.00
- APT3 1.00
- APT41 1.00
- Mustang Panda 1.00