According to a leading US security firm, hackers developed a phony news website to collect data from Australian government officials, journalists, and other individuals.
The targets were sent
emails that seemed to be from Australian news organizations and contained links
to malicious websites.
They would then have
malicious code installed on their device by the website, which was filled with
articles plagiarized from BBC News.
It was "very
certain," according to Proofpoint, that the hackers were working for the
Chinese government.
"We take
attribution very seriously," Proofpoint threat research and detection
vice-president Sherrod DeGrippo said.
"We specifically
don't release attribution unless we have high confidence.
"Essentially, a
big part of our attribution capability comes from the fact that the United
States Department of Justice agrees with the attribution and data that we have
released.
"The reason that
we have such high confidence in this particular attribution really goes back to
the DoJ indictment, which mentions these defendants and specifically calls out
the Proofpoint name identifier of 'Leviathan'."
The UK's National Cyber
Security Centre stated in 2021 that it was "almost certain" the
hackers were connected to the Chinese government, and Proofpoint stated that
the hackers were a part of a group of which four individuals had been charged
by the US at the time.
In response to
political events in the Asia-Pacific area, with a focus on the South China Sea,
the group was described as "a China-based, espionage-motivated threat
actor that has been active since 2013."
For comment, the
Australian Cyber Security Centre has been contacted.
According to
Proofpoint, victims of the group's most recent hack received emails purporting
to be from someone who had launched a news website between April and June.
They had then been
asked to review the site and consider writing for it.
'Anglo-styled names'
"What I think is
quite novel about it is they went so far as to create these fake media
websites, by scraping legitimate sites, including the BBC, in their efforts to
appear real," Ms DeGrippo said.
"And further, they
created multiple identities that they were sending from.
"There's about 50
of them... all of the very Anglo-styled names you might imagine Australians to
be named.
"They created all
of these sorts of pseudo identities to launch the attack from, making them more
believable."
The fake names - each
with their own unique Gmail address - included Daisha Manalo, Blair Goodland,
and Bethel Giffen.
Source: BBC

0 Comments