New Chinese Cyber Espionage Efforts Leverage ScanBox Reconnaissance Tool

Organizations in Australia and offshore energy companies operating in the South China Sea have been targeted by the Chinese state-sponsored advanced persistent threat actor TA423, also known as Red Ladon, in cyber espionage campaigns built on the ScanBox reconnaissance framework, according to Threatpost. TA423 launches the attacks with phishing emails claiming to come from an employee of the fictitious “Australian Morning News” organization; the emails lure recipients to that organization’s website, which redirects them to a web page serving content copied from legitimate news sites while delivering the ScanBox malware framework, a report from Proofpoint’s Threat Research Team and PwC’s Threat Intelligence Team revealed. ScanBox then facilitates a multi-step attack: the primary initial script collects system details from the target computer and fingerprints the browser’s extensions and plug-ins. A WebRTC implementation allows ScanBox to connect to pre-configured targets, and Session Traversal Utilities for NAT (STUN) gives the attackers connectivity through NAT. Such attacks were carried out in support of the Chinese government amid tensions in Taiwan, noted Sherrod DeGrippo, Proofpoint’s vice president of Threat Research and Detection.
