Hackers target politicians with fake news website

 


According to a leading US security firm, hackers developed a phony news website to collect data from Australian government officials, journalists, and other individuals.

 

The targets were sent emails that seemed to be from Australian news organizations and contained links to malicious websites.

 

They would then have malicious code installed on their device by the website, which was filled with articles plagiarized from BBC News.

 

It was "very certain," according to Proofpoint, that the hackers were working for the Chinese government.

 

"We take attribution very seriously," Proofpoint threat research and detection vice-president Sherrod DeGrippo said.

 

"We specifically don't release attribution unless we have high confidence.

 

"Essentially, a big part of our attribution capability comes from the fact that the United States Department of Justice agrees with the attribution and data that we have released.

 

"The reason that we have such high confidence in this particular attribution really goes back to the DoJ indictment, which mentions these defendants and specifically calls out the Proofpoint name identifier of 'Leviathan'."

 

'Espionage-motivated threat'

 

The UK's National Cyber Security Centre stated in 2021 that it was "almost certain" the hackers were connected to the Chinese government, and Proofpoint stated that the hackers were a part of a group of which four individuals had been charged by the US at the time.

 

In response to political events in the Asia-Pacific area, with a focus on the South China Sea, the group was described as "a China-based, espionage-motivated threat actor that has been active since 2013."

 

For comment, the Australian Cyber Security Centre has been contacted.

 

According to Proofpoint, victims of the group's most recent hack received emails purporting to be from someone who had launched a news website between April and June.

 

 

They had then been asked to review the site and consider writing for it.

 

'Anglo-styled names'


"What I think is quite novel about it is they went so far as to create these fake media websites, by scraping legitimate sites, including the BBC, in their efforts to appear real," Ms DeGrippo said.

 

"And further, they created multiple identities that they were sending from.

 

"There's about 50 of them... all of the very Anglo-styled names you might imagine Australians to be named.

 

"They created all of these sorts of pseudo identities to launch the attack from, making them more believable."

 

The fake names - each with their own unique Gmail address - included Daisha Manalo, Blair Goodland, and Bethel Giffen.

 

Source: BBC



Post a Comment

0 Comments