China-linked APT40 gang targets wind farms, Australian government
The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine fleets in the South China Sea.
According to the researchers, victims were sent phishing emails that directed them to faked versions of Australian news outlets The Herald Sun and The Australian.
Researchers said the plugins were likely loaded separately to prevent detection through telltale incidents such as suspicious crashes of the victim's machine.
ScanBox is an advanced persistent threat that collects information about the victim's system without infecting it.
With all signs pointing to TA423, the researchers were able to further detect the presence of another related China-Nexus cyber espionage actor, the state-sponsored APT40.
In July 2021, the DoJ indicted four members of the cyber gang living in China's Hainan Province for allegedly compromising "the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018."