Phishing emails are sent by members of the gang posing as employees of the fake Australian media. If any visitor happens to click their link, he will be vulnerable to Scanbox. The fake media is reportedly named “Australian Morning News”.
American security company Proofpoint and professional business services company PricewaterhouseCoopers (PwC) have found that the objective of the hackers was cyber espionage. Proofpoint and PwC have named the hacker campaign TA423/Red Ladon. The hackers are active since 2013 in the Asia Pacific region and Australia.
The pattern of the target is being detected by Proofpoint since March 2021. At that time targets were from Malaysia and Australia. The researchers have identified three phases of cyberattacks in recent years. Phase 1 was from March 2021 to September 2021. The second phase was in March 2022. The third phase was from April 2022 to June 2022. In the third phase, phishing emails deliver malicious-themed Australian media URLs.