Cybersecurity researchers said Tuesday they have uncovered a recent cyberespionage campaign targeting energy and manufacturing companies around the world and in the South China Sea, which they said was carried out by a Chinese hacker.
The cyberattack targeted companies operating in Australia, Malaysia, Europe and the South China Sea, according to US-based cybersecurity firm Proofpoint and PwC Threat Intelligence.
“TA423/Red Ladon is a China-based, espionage-motivated threat actor that has been active since 2013 and has been targeting various organizations in response to political events in the Asia-Pacific region, particularly in the South China Sea,” the company said in a blog post.
China always denies that its hacking groups target foreign companies.
Targeted organizations include defense contractors, manufacturers, universities, government agencies, law firms involved in diplomatic disputes, and foreign companies involved in Australian policy and operations in the South China Sea.
Proofpoint has identified several waves of phishing campaigns by Chinese hacking groups targeting offshore energy production in the South China Sea between April 12th and mid-June 2022.
This phishing campaign included a URL delivered in a phishing email that redirected victims to a malicious website masquerading as an Australian news outlet.
TA423/Red Ladon also targeted Cambodia via domains masquerading as news websites, attacking prominent government agencies such as the National Election Commission.
In March, Proofpoint observed phishing activity targeting a manufacturer in Europe of heavy equipment used to install offshore wind farms in the Taiwan Strait.
“While the campaign is international in scope, it is focused on companies and countries operating in the Asia-Pacific region, Australian government agencies, and the South China Sea,” said the researchers.
In particular, Proofpoint has observed TA423/Red Ladon targeting organizations directly involved in South China Sea development projects “at a time when tensions were high between China and other countries in relation to development projects of high strategic importance,” such as the Kasawari gas field developed by Malaysia and offshore wind farms in the Taiwan Strait.
Following the US Department of Justice’s indictment and disclosure in July 2021, Proofpoint analysts have observed no apparent disruption to the operational tempo of phishing campaigns specifically related to TA423/Red Ladon.
Overall, Chinese hacking groups “continue intelligence gathering and espionage missions primarily targeting countries in the South China Sea, with further intrusions into Australia, Europe, and the United States.”