Chinese cybersecurity attack on Australia exposed

Chinese cyber attackers mined Australian computer systems for months, seeking vital information about defence and energy.

American cyber security firm Proofpoint revealed the “Red Ladon” group — said to be linked to the Chinese government — set up a fake Australian publication and attempted to goad Aussie employees connected to sensitive information into clicking a link that infected their computers with malware.

Workers at high-profile media companies, defence and health agencies were reportedly targeted for three months in 2022, particularly throughout the Federal Election.

The Australian reported the phishing scam was seeking sensitive defence, navy and energy information relating to the South China Sea.

The emails tried to persuade people to visit a website called Australian Morning News, which was a fake news website filled with malware that would allow spies to obtain victims’ data.

Vice-president of threat research and detection at Proofpoint, Sherrod DeGrippo, said Red Ladon (otherwise known as TA423) posed one of the world’s biggest threats to cyber security.

“They support the Chinese government in matters related to the South China Sea, including during the recent tensions in Taiwan,” Ms DeGrippo said, admitting early analysis has not yet revealed how successful the scam was.

“This group specifically wants to know who is active in the region and while we can’t say for certain, their focus on naval issues is likely to remain a constant priority in places like Malaysia, Singapore, Taiwan, and Australia.”

“Proofpoint blocks these threats when they’re detected in email against our customers. What may happen or damages that may occur if the threat actors get access via another method or if they are attempting delivery via another means is not something we can speak to.”

Proofpoint, working closely with PwC, said Red Ladon hackers have been targeting sensitive information both in Australia and overseas.

“These targets regularly included military academic institutions, as well as local and federal government, defence, and public health sectors,” Proofpoint said in a report.

The shady hacking group also attempted to breach Cambodia’s National Election Commission in the lead-up to the nation’s federal election four years ago.

“Red Ladon’s 2018 ScanBox activity targeting Cambodia involved domains masquerading as news websites and targeted high-profile government entities,” the report said.

“One of the ScanBox server domains used in that campaign, mlcdailynews[.]com, hosted several articles about Cambodian affairs and US and East Asia relations, for which contents were copied from legitimate publications (Khmer Post, Asia Times, Reuters, Associated Press).

“These were likely used as lures in phishing emails to convince targets to follow malicious links to the actor-controlled ScanBox domain.”

Originally published as Chinese cyber attack on Australia exposed
