Online Technical Help Resource

Chinese hackers use a fake news site to attack targets in the energy sector.


Reports indicate that a group of Chinese hackers is targeting establishments in Australia, Malaysia, and some European countries, using a fake Australian news site. The targets were Australian government agencies (both local and federal), Australian media companies, and companies engaged in the maintenance of wind turbine fleets in the South China Sea. Visitors to the site are attacked using the Scanbox framework, which takes the form of a JavaScript file. Scanbox collects visitors’ information without infecting the system. The information accessed may include the visitor's operating system, geographical location, security software, etc.

Members of the gang send phishing emails posing as employees of the fake Australian media outlet. Any recipient who clicks the link in such an email is exposed to Scanbox. The fake outlet is reportedly named “Australian Morning News”.

American security company Proofpoint and professional business services company PricewaterhouseCoopers (PwC) have found that the objective of the hackers was cyber espionage. Proofpoint and PwC have named the hacker campaign TA423/Red Ladon. The hackers have been active since 2013 in the Asia Pacific region and Australia.

Proofpoint has been detecting this targeting pattern since March 2021. At that time, the targets were in Malaysia and Australia. The researchers have identified three phases of cyberattacks in recent years. Phase 1 ran from March 2021 to September 2021. The second phase was in March 2022. The third phase ran from April 2022 to June 2022. In the third phase, phishing emails delivered malicious URLs themed as Australian media.
