At a glance.
- Cyberespionage around the South China Sea.
- Oktapus and the Twilio compromise.
- Montenegro works to recover from Russian cyber offensive.
- Russian streaming platform sustains a data leak.
- Gang looks beyond double extortion.
Cyberespionage around the South China Sea.
Proofpoint this morning released a report on a cyberespionage campaign against nations with regional interests centered on, but not confined to, the South China Sea. The researchers call the responsible threat group TA423 or Red Ladon, and say that it overlaps with APT40, a Chinese government unit also known as Leviathan, which operates from Hainan. Red Ladon has taken a close interest in the Australian government and in wind turbines in the South China Sea, whoever operates them. The threat actor typically achieves initial access by phishing. "Beginning on 12 April 2022, and continuing through mid-June 2022, Proofpoint identified several waves of a phishing campaign resulting in the execution of the ScanBox reconnaissance framework, in part based on intelligence shared by PwC Threat Intelligence related to ongoing ScanBox activity. The phishing campaign involved URLs delivered in phishing emails, which redirected victims to a malicious website posing as an Australian news media outlet." The phishing campaign has been long-running, and the cyberespionage serves Beijing's long-range economic interests.