Chinese using state-backed hackers to attack energy projects in South China Sea
China is using state-backed hackers to launch cyberattacks against energy projects in the South China Sea, according to new research from cybersecurity firm Proofpoint and consulting firm PwC.
Hacking group Red Ladon, also known as TA423, is using a simple phishing scam to attack politically significant targets in Europe and the Asia-Pacific region, including defense contractors, infrastructure companies, and law firms involved in diplomatic disputes.
The scam lures victims to fake news websites that infect their computers with malicious software called ScanBox, which lets hackers gather information for reconnaissance purposes.
The ScanBox software, which has been used in the past to spy on Tibetan campaign groups, gives hackers information about potential security flaws in their target’s systems.
From April to June 2022, Red Ladon used emails pretending to be Australian news outlets to target manufacturers and infrastructure companies involved in maintaining a wind farm in the South China Sea, the PwC and Proofpoint research shows.
Red Ladon has used similar tactics to attack Malaysian companies working on the Kasawari Gas Project in the South China Sea, and a European manufacturer of heavy equipment used on offshore wind farms in the Strait of Taiwan.
The report comes after Lloyd’s of London this month said insurers should exclude coverage for state-backed cyberattacks from their standard cyber-insurance policies, due to the financial risks such policies could pose to the insurance marketplace’s stability.