Hacking: Hackers target Australian politicians with fake news site for spying

Hackers have created a fake news website to collect data on Australian government officials, journalists and other personalities, according to a prominent US cybersecurity company.

A number of the targets received emails purporting to come from Australian news outlets and directing them to the fake website.

The site, which is filled with articles copied from the BBC News website, is designed to install malware on the devices of the targeted individuals.

US cybersecurity firm Proofpoint said it had "very high confidence" that the hackers were working for the Chinese government.

"We take the conclusion seriously," said Sherrod DeGrippo, vice president of threat research at Proofpoint.

"We specifically do not announce our conclusion unless we have great confidence," she added.

"A large part of our ability to conclude stems from the fact that the US Department of Justice approves of the statements we have made," she said.

She added, "The reason for our great confidence in this conclusion is precisely the indictment issued by the Department of Justice, which mentions these defendants and specifically what Proofpoint called them (Leviathan)."

Espionage threat
Proofpoint said the hackers were part of a group whose four members were indicted by the United States in 2021, when Britain's National Cyber Security Centre announced it was "almost certain" that they were linked to the Chinese government.

The company added that the group is a "China-based espionage threat actor active since 2013, targeting a variety of organizations in response to political events in the Asia-Pacific region, with a focus on the South China Sea."

The BBC has contacted the Australian Cyber Security Centre for comment.

In the group's most recent hack, between April and June, the victims received emails purporting to be from someone who had set up a news site, according to Proofpoint.

The targeted individuals were asked to read the site and to consider writing articles for it.

English-language names
"I think what's completely new about this is that they went so far as to create these fake news sites, by blocking the activity of real sites, including the BBC, to show their efforts on the ground," DeGrippo said.

Moreover, they used multiple identities from which they were sending messages.

"There are about 50 of them," she said. "They are all names with an English form so you'd think they were Australian names."

"They create all these kinds of fake identities to target characters, which makes them more believable," she added.

The fake website is laced with malware that infects the targeted person's computer with a tool called ScanBox, which profiles the user, their device and the web pages they have visited.

"Fundamentally ScanBox is a survey tool and a working framework for exploitation," DeGrippo said.

"When we visualize that, in addition to the entity being a China-based spy group, it makes sense," she added.

"Sensitive role"
The attack appears to focus not only on people involved in energy production, such as offshore energy exploration in the South China Sea and the manufacturing of wind turbines and alternative energy equipment, but also on defense contractors and individuals working in health care and financial services.

"Consumers are generally not on the list of Chinese spy services," DeGrippo said.

"Nevertheless, anyone who has a sensitive role in their job, even if they are dealing with things like engineering, things that may not appear to be among the state's secrets, China considers that important secrets and espionage information," she added.

DeGrippo said people should make sure their browsers are up to date and that their firewall and antivirus software are running.

However, she added, "Organizations must think professionally about the types of data their employees have access to and whether they have the correct technology in place to protect their employees from these types of attacks."
