According to a report by Proofpoint and PwC Threat Intelligence, the TA423 group backed by Beijing sought to infiltrate government agencies, news media and industries involved in wind turbine supply chains to the South China Sea. TA423, also known as the Red Ladon group, had been active since 2013 and was even indicted by the U.S. Department of Justice.
"Australian targets regularly included military academic institutions, as well as local and federal government, defense, and public health sectors," the report's authors said. "Malaysian targets included offshore drilling and deep-water energy exploration entities, as well as global marketing and financial companies. Several global companies were also targeted that appear to relate to the global supply chains of offshore energy projects in the South China Sea."
The authors also expounded on TA423's latest cyber espionage campaign, which ran from April to June 2022. It involved emails from a GMail or Outlook address to unwitting targets that had subject headers such as "User Research" and "Request Cooperation."
According to the report, the email claimed to be from a "humble news website" that was soliciting feedback from readers. It had a link to a fake news outlet called "Australian Morning News" that delivered malware to computers when clicked.
"The campaign has an international reach, but [has] a heavy focus on the Asia Pacific region, Australian governmental entities, and companies and countries operating in the South China Sea," the authors pointed out.
They also noted that TA423 had been targeting "entities directly involved with development projects in the South China Sea closely around the time of tensions between China and other countries related to development projects of high strategic importance, such as the Kasawari Gas field developed by Malaysia and an offshore wind farm in the Strait of Taiwan."
TA423 is not the only hacking group working to spy on other nations at the behest of the Chinese Communist Party. Another group called APT41 has also launched cyber espionage and cyber attacks against different entities.
Back in May 2021, APT41 – which also goes by the names Winnti, BARIUM and Blackfly – hacked into the networks of at least six U.S. state governments. A March 8, 2022 report by Reston, Virginia-based cybersecurity company Mandiant expounded on this breach. Tech giant Google acquired Mandiant the same month the report was released.
According to the Mandiant report, APT41 hackers took advantage of a previously unknown vulnerability in a commercial web application used by several states for animal health management. Two U.S. state governments earlier victimized by the hackers were breached once more in late February 2022, it added. (Related: China hacking and penetration of critical U.S. infrastructure systems worse than previous thought.)
APT41 was also involved in Operation CuckooBees, which involved the theft of intellectual property (IP) worth trillions of dollars from more than 30 companies. The operation, which began in 2019, targeted technology and manufacturing companies located in North America, Europe and Asia.
Boston-based cybersecurity company Cybereason wrote about Operation CuckooBees in a May 4, 2022 post. According to the firm, it was made aware of the malicious operation in April 2021 after a company flagged a potential intrusion during a business pitch meeting.
Analysts from Cybereason then reverse-engineered the cyber attack to determine how the client's network was compromised. They found that APT41 hackers "maintained full access to everything in the network in order for them to pick and choose the right information that they needed to collect."
Visit CommunistChina.news for more stories about cyber attacks by Beijing-backed hacking groups like TA423 and APT41.
Watch this video about Beijing-backed hackers targeting humanitarian groups.
This video is from the Chinese taking down EVIL CCP channel on Brighteon.com.