Chinese Hackers Target Energy Firms Across The Globe

The phishing campaign is targeting media companies, governmental agencies, South China Sea wind turbine operators, and a European manufacturer.

Threat intelligence researchers have discovered a new cyber espionage campaign targeting energy and manufacturing organizations around the world. US-based cybersecurity firm Proofpoint and PwC Threat Intelligence report that the Chinese APT group known as TA423, Red Ladon, APT40, and Leviathan is behind the campaign.

The operators of this campaign are primarily targeting firms across Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea, including organizations involved in an offshore wind farm in the Taiwan Strait.

The Australian targets included the federal government, military academic institutions, and defense and public health sectors. The Malaysian targets included global marketing and finance companies, offshore drilling, and deep-water energy exploration firms. The campaign has been observed in three phases, the latest running from April 2022 to mid-June 2022.

The group has been active since 2013 and has previously been found targeting defense contractors, universities, manufacturers, government agencies, foreign companies involved with Australasian policy or South China Sea operations, and legal firms involved in diplomatic disputes.

"TA423/Red Ladon is a China-based, espionage-motivated threat actor that has been active since 2013, targeting a variety of organizations in response to political events in the Asia-Pacific region, with a focus on the South China Sea," the company said in a blog post. 

According to a report by cybersecurity firm Proofpoint, working in collaboration with PwC, the group's latest campaign used malicious emails impersonating Australian media organizations, including the fake Australian Morning News, to lure victims and deliver ScanBox, a reconnaissance and exploitation framework. The malware was initially discovered by AlienVault in 2014.

The researchers also found the phishing campaign targeting media companies, governmental agencies, South China Sea wind turbine operators, and a European manufacturer supplying equipment for the Yunlin Offshore Windfarm in the Taiwan Strait.

Overall, the Chinese-backed hacking group "continues pursuing its intelligence-gathering and espionage mission primarily targeting countries in the South China Sea, as well as further intrusions in Australia, Europe, and the United States," the blog post reads.