Cyber-security researchers on Tuesday said they discovered a recent cyber espionage campaign targeting energy and manufacturing firms globally, including in the South China Sea, that was perpetrated by Chinese hackers.
The targets of this cyber attack spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea, according to US-based cyber-security firm Proofpoint and PwC Threat Intelligence.
“TA423/Red Ladon is a China-based, espionage-motivated threat actor that has been active since 2013, targeting a variety of organizations in response to political events in the Asia-Pacific region, with a focus on the South China Sea,” the company said in a blog post.
China has always denied that its hacking groups target foreign companies.
Targeted organizations include defence contractors, manufacturers, universities, government agencies, legal firms involved in diplomatic disputes, and foreign companies involved with Australasian policy or South China Sea operations.
Beginning on April 12 and continuing through mid-June 2022, Proofpoint identified several waves of a phishing campaign by a Chinese hacking group that targeted offshore energy production in the South China Sea.
The phishing campaign involved URLs delivered in phishing emails, which redirected victims to a malicious website posing as an Australian news media outlet.
TA423/Red Ladon also targeted Cambodia via domains masquerading as news websites and attacked high-profile government entities, including the National Election Commission.
In March, Proofpoint observed phishing activity that targeted a European manufacturer of heavy equipment utilized in the installation of an offshore wind farm in the Strait of Taiwan.
“The campaign has an international reach, but a heavy focus on the Asia Pacific region, Australian governmental entities, and companies and countries operating in the South China Sea,” said researchers.
In particular, Proofpoint observed TA423/Red Ladon targeting entities directly involved with development projects in the South China Sea “closely around the time of tensions between China and other countries related to development projects of high strategic importance”, such as the Kasawari Gas field developed by Malaysia, and an offshore wind farm in the Strait of Taiwan.
Following the US Department of Justice indictment and public disclosure in July 2021, Proofpoint analysts have not observed a distinct disruption of operational tempo, specifically for phishing campaigns associated with TA423/Red Ladon.
Overall, the Chinese hacking group “continues pursuing its intelligence-gathering and espionage mission primarily targeting countries in the South China Sea, as well as further intrusions in Australia, Europe and the United States”.