Security News > 2022 > August > Chinese hackers target Australian govt with ScanBox malware
China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet.
Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework.
The campaign was active from April to June this year and targeted people at local and federal Australian Government agencies, Australian news media organizations, and at global heavy industry manufacturers that provide maintenance to wind turbines in the South China Sea.
ScanBox has been seen in multiple attacks from at least six China-based threat actors in the past and there is sufficient evidence indicating that the toolkit has been used since at least 2014.
Visitors of the fake website were served with a copy of the ScanBox framework via JavaScript execution and staged module loading.
In some cases observed in June 2022, the threat actors targeted the Australian Naval Defense, oil and petroleum, and deep water drilling firms using COVID-19 passport services lures that downloaded a DLL stager for loading Meterpreter.
News URL
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)