Cyber Resilience


RedDelta Modified PlugX Infection Chain Operations · C0047 · state-contractor

🇨🇳 CN · MSS

aka RedDelta Modified PlugX Infection Chain Operations

Run by Mustang Panda

Last updated: 2026-07-03

0 attributed CVEs
36 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
years active

About this actor

[RedDelta Modified PlugX Infection Chain Operations](https://attack.mitre.org/campaigns/C0047) was executed by [Mustang Panda](https://attack.mitre.org/groups/G0129) from mid-2023 through the end of 2024 against multiple entities in East and Southeast Asia. [RedDelta Modified PlugX Infection Chain Operations](https://attack.mitre.org/campaigns/C0047) involved phishing to deliver malicious files or links to users, prompting follow-on installer downloads to load [PlugX](https://attack.mitre.org/software/S0013) on victim machines in a persistent state. (Citation: Recorded Future RedDelta 2025)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVE | Risk | CVSS | EPSS | Published | Products
No attributed CVEs.

Mitigating controls (NIST 800-53)

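| Control | Techniques covered | Coverage |
|---|---|---|
| CM-2 | 20 / 36 | 56% |
| CM-6 | 20 / 36 | 56% |
| SI-3 | 20 / 36 | 56% |
| SI-4 | 20 / 36 | 56% |
| CM-7 | 16 / 36 | 44% |
| CA-7 | 15 / 36 | 42% |
| AC-4 | 13 / 36 | 36% |
| SC-7 | 12 / 36 | 33% |
| SI-10 | 12 / 36 | 33% |
| SI-7 | 12 / 36 | 33% |
| SI-2 | 11 / 36 | 31% |
| AC-3 | 10 / 36 | 28% |
| AC-6 | 8 / 36 | 22% |
| AC-2 | 7 / 36 | 19% |
| CM-8 | 7 / 36 | 19% |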

Co-occurring actors

None.
