Security News > 2022 > August > Chinese hackers target Australian govt with ScanBox malware

China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet.

Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework.

The campaign was active from April to June this year and targeted people at local and federal Australian Government agencies, Australian news media organizations, and at global heavy industry manufacturers that provide maintenance to wind turbines in the South China Sea.

ScanBox has been seen in multiple attacks from at least six China-based threat actors in the past and there is sufficient evidence indicating that the toolkit has been used since at least 2014.

Visitors of the fake website were served with a copy of the ScanBox framework via JavaScript execution and staged module loading.

In some cases observed in June 2022, the threat actors targeted the Australian Naval Defense, oil and petroleum, and deep water drilling firms using COVID-19 passport services lures that downloaded a DLL stager for loading Meterpreter.

News URL

https://www.bleepingcomputer.com/news/security/chinese-hackers-target-australian-govt-with-scanbox-malware/