A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor.

Recorded Future, which was tracking the activity under the moniker TAG-100 , has now graduated it to a hacking group dubbed RedNovember . It's also tracked by Microsoft as Storm-2077 .

"Between June 2024 and July 2025, RedNovember (which overlaps with Storm-2077) targeted perimeter appliances of high-profile organizations globally and used the Go-based backdoor Pantegana and Cobalt Strike as part of its intrusions," the Mastercard-owned company said in a report shared with The Hacker News.

"The group has expanded its targe

See Full Page