China-linked APT40 gang targets Australian companies maintaining wind turbine fleets

The China-linked APT40 gang is targeting Australian companies and manufacturers that conduct maintenance on wind turbine fleets in the South China Sea, according to researchers at security company Proofpoint and PricewaterhouseCoopers (PwC).

The hacking group has been carrying out campaigns from April to June of this year. Proofpoint explained that the victim profile matched a June 2021 TA423 campaign that delivered a downloader in DLL format via RTF template injection.

The researchers further explained that the victims were sent phishing emails which redirected them to fake versions of Australian news websites such as The Herald Sun and The Australian.

The fake versions carried malicious code embedded alongside the news stories, a familiar tactic that TA423 also used during the 2018 elections in Cambodia.

The threat actors may have been tracking specific victims rather than using a spray-and-pray technique.

Once lured to the site, users were served a malicious JavaScript payload that included modules such as a keylogger, browser-identification plugins and other components.

Researchers believe this provides evidence that the two plugins are loaded separately, so that a crash in one plugin does not bring down both at the same time.

ScanBox is a reconnaissance framework that collects information about a device without infecting it. It has been in use since at least 2014, most often by state-sponsored Chinese hackers.

The researchers were also able to identify the presence of another China-nexus cyber-espionage actor, APT40.

Proofpoint and PwC have noted that the recent attacks may be orchestrated by the hacker group TA423.

Activities related to this threat actor are publicly referred to as “APT40” and “Leviathan”; the partnership concluded that the latest news-spoofing campaign is the third phase of an APT40 intelligence-gathering mission that has been ongoing since March of last year.

Between 2011 and 2018, the US Department of Justice indicted four members of a cyber gang operating out of China's Hainan Province.
