Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week

RedNovember, a Chinese state-sponsored cyberspy group, targeted government and critical private-sector networks around the globe between June 2024 and July 2025, exploiting buggy internet-facing appliances to deploy a Go-based backdoor called Pantegana and other offensive security tools, including Cobalt Strike and SparkRAT.

This information comes via a threat report from Recorded Future's Insikt Group researchers, who previously tracked the crew as TAG-100, and noted that the Chinese snoops overlap with a group that Microsoft tracks as Storm-2077.

The report also follows a slew of other government-spies-on-the-networks warnings issued this week from government officials and private security firms alike.

RedNovember's victims span multiple sectors, but primarily center around aerospace and defense, government, and professional services companies. Its most recent campaign includes an April reconnaissance mission focused on two American oil and gas companies.

"Between H2 2024 and H2 2025, RedNovember compromised, targeted, and reconnoitered organizations on a global scale ...