Cybersecurity researchers found evidence that a Chinese hacker campaign has been targeting energy and manufacturing companies worldwide, especially in the South China Sea.
A report by US-based cybersecurity firm Proofpoint and PwC Threat Intelligence claims that a China-based hacker group ‘TA423’ is behind the attacks and has been actively targeting organizations associated with the South China Sea development projects. The group is motivated by espionage and has previously targeted organizations in Australia, Malaysia, Europe, and more.
TA423/Red Ladon targets organizations in the South China Sea
TA423/Red Ladon is not a new threat actor and has been operating since 2013. The espionage-motivated threat actor is slowly targeting organizations in the South China Sea and continuously hunting down international businesses, academic institutions, government organizations, and businesses engaged in operations linked to Australasian policy or the South China Sea.
Between April 12 and mid-June 2022, cybersecurity researchers detected several phishing attacks targeting offshore energy production in the South China Sea. The Chinese hacker group allegedly used look-alike websites and posed as Australian news outlets to draw users into a phishing email scam.
According to a South China Morning Report, the attacks are aimed at multiple projects in the South China Sea, such as the Kasawari gas field in Malaysian waters, run by oil and gas company Petroliam Nasional Bhd. TA423/Red Ladon was also involved in attacking government organizations in other parts of Asia — including the National Election Commission in Cambodia — using domains that look similar to renowned news websites.
Why is the South China Sea important?
According to reports, nations in the Asia Pacific region and Australian government agencies currently engaged in South China Sea operations are the direct targets of the Chinese hacker group.
Since tension between China and other countries has increased due to development projects in the South China Sea, many threat actors (TAs) have marked the projects as ‘high importance’ because the area accounts for at least a third of global maritime trade.
Moreover, researchers have said that oil and natural gas reserves lie beneath its seabed, making it the perfect place to establish a business. The wide variety of fish also contributes to better food security.
Due to these factors, the Chinese hacker group is continuing its operations against organizations and countries related to the South China Sea, along with additional incursions in Australia, Europe, and the United States.