Subscribe
Home » How Hackers Targeted Politicians With a Fake News Site

How Hackers Targeted Politicians With a Fake News Site

by Staff
0 comment

Politicians, manufacturers, media companies, and government agencies have fallen victim to a sophisticated, China-linked cyberattack, which infected their computers with malware.

So what happened? Who was targeted by cybercriminals and how?

Who Was Attacked and How?

According to cybersecurity specialists, ProofPoint, a group, believed to be Red Ladon, registered the domain name “australianmorningnews(dot)com” on April 8th, 2022, and populated the site with plausible news stories copied from sources including BBC News.

Targets included businesses involved in the manufacture, supply, maintenance, and construction of offshore energy projects, as well as Australian politicians, government agencies, military academic institutions, and public healthcare bodies. Other targeted countries include Malaysia, Thailand, Singapore, and Germany.

Victims received an email supposedly from a reporter at the fictitious Australian Morning News media agency. Acknowledging that the newness of the domain registration and amateurish site layout might arouse suspicion, some of the emails claimed to be from a person, “trying to make a news website”, and looking for user feedback. Others offered editorial positions and requests for cooperation.


Each email also contained a link with a unique tracking code, meaning that the group could easily identify which target visited the site.

Once on the website, ScanBox malware selectively executed JavaScript payloads in a way that would avoid tipping off the victim. These payloads included keyloggers, victim browser plugin information, browser fingerprinting, and plugins to find out whether the antivirus service, Kaspersky Internet Security, is installed.

What Is Red Ladon, and What Are Its Aims?

Red Ladon is a China-based threat actor with a historic focus on the South China Sea. Also known as TA243, Red Ladon has been active since 2013, and is classified by the Australian authorities as a state actor. In addition to the most recent attacks, Red Ladon was implicated in the 2020 Copy-Paste attacks on Australian infrastructure services, according to the Australian government. Typically, the group uses phishing attacks—as well as employing port scanners to identify and exploit vulnerabilities in web facing services.


Red Ladon appears to be interested in compromising companies and countries involved in energy infrastructure projects in what China sees as its own backyard. Previous targets include European companies involved in wind farm construction in the Strait of Taiwan, and Malaysian companies associated with the Kasawari Gas Project.

State-Backed Cyberattacks Aren’t Going Away

Attacking a company or country over the internet is a low risk way of achieving aims that could only be otherwise achieved through military or diplomatic methods. While that might not worry you in the same way falling for a scam might do, attacking key infrastructure can nonetheless affect your everyday life.



Read the full article here

You may also like

Leave a Comment

Iman Hearts is one of the biggest lifestyle news and articles portals, we provide the latest news and articles about family, lifestyle, entertainment, and many more, follow us to get the latest news about what matters to you.

 

© 2022 Iman Hearts. All rights reserved. Sitemap