Chinese Hackers Tied to Attacks on South China Sea Energy Firms

(Bloomberg) — Chinese hackers likely targeted energy companies operating in the South China Sea and the Australian government, according to a US tech security firm, the latest accusation of coordinated cybersnooping by the Asian nation to advance its geopolitical goals.

Researchers uncovered an ongoing phishing campaign lasting more than a year that has been aimed at projects including the Kasawari gas field and a wind farm in the Taiwan Strait, Proofpoint Inc. said in a report on Tuesday. The gas project is in Malaysian waters and operated by Petroliam Nasional Bhd., which declined to comment on the research report. Petronas did say it follows best practices to protect its assets and operations.

Proofpoint said it had “moderate confidence” that the hacking was being performed by a group called TA423, adding it is based in China and motivated by espionage.

The US government and cybersecurity companies have long alleged that China runs expansive hacking operations. In July, Federal Bureau of Investigation Director Christopher Wray warned Western companies that China aims to “ransack” their intellectual property so it can eventually dominate key industries. It operated a “lavishly resourced hacking program that’s bigger than that of every other major country combined,” he said.

China routinely denies the accusations, saying it is a victim of cyberattacks and countering that the US is the “empire of hacking.” The Foreign Ministry in Beijing didn’t immediately respond to a request for comment on Tuesday.

China claims more than four-fifths of the South China Sea as its own, angering Malaysia, the Philippines and Vietnam. The body of water is one of the world’s busiest shipping routes, and the US estimates that more than 30% of the global maritime crude oil trade passes through it.

Proofpoint said that emails used in the phishing campaign impersonated Australian media organizations including The Australian and Herald Sun to deliver ScanBox malware. PwC Threat Intelligence, which assisted Proofpoint in its research, “assesses it is highly likely that ScanBox is shared privately amongst multiple China-based threat actors,” its report said.

News Corp. representatives in Australia didn’t immediately respond to a request for comment. 

Proofpoint said a ScanBox campaign running from April to June targeted agencies of the Australian government at both the local and federal level. An earlier phishing effort centered on a European maker of heavy equipment for a wind farm in the Taiwan Strait, the report added.

Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said TA423’s “focus on naval issues is likely to remain a constant priority in places like Malaysia, Singapore, Taiwan and Australia.”

©2022 Bloomberg L.P.