Chinese state hackers targeted Australian federal and local gov

Fake website set up by TA423 / Red Ladon
Launched watering hole attacks via fake news sites.

Threat actors believed to be sponsored by China are said to be behind espionage campaigns around the world, with Australian local and federal government agencies among the targets.

The Australian Navy is believed to have been one of the targets of a sophisticated phishing campaign, security researchers said.

Security vendor Proofpoint, with the help of management consultants PwC, has presented an analysis of campaigns attributed to the TA423 / Red Ladon hacking group, which aimed to plant malware through the ScanBox JavaScript reconnaissance attack kit.

ScanBox provides keystroke logging functionality through malicious JavaScript code running in a web browser, and does not rely on malware written to disk.

Red Ladon set up a fake website, australianmorningnews.com, with news content stolen from BBC, Reuters and others, to conduct watering hole attacks against targets.

After the site was set up, the hackers sent phishing emails with links to the malware-infested website.

The United States Department of Justice indicted [pdf] four people in November 2019 alleged to be part of TA423 / Red Ladon, believed to be connected to China's ministry of state security (MSS) spy agency on Hainan Island.

In 2020, the Australian Signals Directorate issued an advisory [pdf] alerting that the threat actors were involved in a sustained campaign against Australian governments.

Proofpoint and PwC said the espionage campaign took place between April and mid-June this year.

Other targets of the threat actors included Australian news media, offshore drilling and deep water energy companies in Malaysia, and manufacturers responsible for the maintenance of wind turbines in the South China Sea.

