Through a fake news website, Chinese threat actors infiltrated Australian government institutions and wind turbine fleets in the South China Sea. Using enticing baits in phishing emails, victims are convinced to visit the fake website before sending them a dangerous JavaScript payload.
China-Based Hackers Used Fake News Websites to Attack Australian Government Agencies
By leading some people to a phony website that seems to be an Australian news media organization, threat actors from China have been attempting to compromise Australian government agencies and wind turbine fleets operating in the South China Sea.
The Australian and Herald Sun were among the news organization in Australia that was imitated to deliver the ScanBox malware. There is adequate evidence to infer that the toolkit has been utilized since 2014. This is because ScanBox has been seen in several past invasions by six China-based threat actors.
The ScanBox reconnaissance framework was responsible for delivering a malicious JavaScript payload to victims once they visited the phony website by phishing emails with tempting lures.
The attacks were intended for those who supervise wind turbines in the South China Sea, including the local and federal Australian government agencies, media institutions, and global heavy industries from April to June.
The campaign's pursuit, as determined by security experts at Proofpoint and PwC (PricewaterhouseCoopers), was to conduct cyber spying with regard to China's goal of expanding its territory. They attribute the conduct to a Chinese threat group known as APT40 (a.k.a. TA423, Leviathan, Red Ladon) with moderate credibility.
Additionally, Proofpoint Inc said that investigations had discovered an active phishing campaign targeting the Kasawari gas field and a Taiwan Strait wind farm.
China has long been charged with hacking by the US government and cybersecurity companies. In July, FBI Director Christopher Wray warned Western businesses that China wants to hijack their intellectual property to dominate key industries.
A Chinese Hacking Team Compromised at Least Six US Governmental Networks
Back in March, Gizmodo has reported that a security firm called Mandiant found that a state-backed Chinese hacker group had infiltrated at least six state authority networks in the United States.
APT41, a well-known threat actor, also known as "Barium" and "Winnti," that has been operating since 2012, was blamed by researchers. The gang is notorious for cyber espionage with unidentified objectives and uses susceptible platforms and systems to infiltrate governmental entities.
The hackers have gained access to Animal Health Emergency Reporting Diagnostic System (USAHERDS), an unsecured agricultural program used by state governments to monitor livestock ailments. A zero-day vulnerability in USAHERDS, operated by 18 states, enabled hackers to infiltrate the application's database server.
APT41 has been referred to be a "prolific Chinese state-sponsored cyber threat group" by BlackBerry specialists. According to information, the business disclosed in 2021 that the group has carried out other intrusions.
In September 2020, the US Department of Justice accused five Chinese nationals of breaking into more than 100 US and international firms' computers. It was also charged with ransomware, crypto-jacking, and theft of valuable corporate data, including source code, software code, signing certificates, customer account information, and crucial business data.
Last year, the United States, the European Union, NATO, and other allies accused China of carrying out a massive attack on Microsoft Exchange email systems. On the other hand, a representative for China's Ministry of Foreign Affairs, Zhao Lijin, categorically denied that China was involved in the assault. He states, "China firmly opposes and combats any form of cyberattacks, and will not encourage, support or condone any cyberattacks."
Related Article: Google Says Chinese Hacking Group is Targeting Russian Government Agencies
