Hackers are creating fake websites to steal and harvest information from Australian government officials and journalists. These Threat Actors (TAs) are using phishing emails to lure victims to visit malicious websites claiming to be from Australian news outlets.
The websites were created using information stolen from BBC News. The hackers then persuaded users to install malicious code on their devices, stealing sensitive information from them and selling it to Chinese hacker groups.
According to reports, the hacker group explicitly targeted individuals in the wind-turbine manufacturing and alternative energy domains in the Asia-Pacific region. A US security firm stated that it was confident that the hackers were aligned with the Chinese government. “We take attribution very seriously. We specifically don’t release attribution unless we have high confidence,” Proofpoint Threat Research and Detection vice-president Sherrod DeGrippo said, adding that the United States Department of Justice also agreed with them.
Moreover, the attack was likely connected to China because of the recent DoJ indictment, where four Chinese nationals were charged with an “Intrusion Campaign” in the United States and abroad between 2011 and 2018. With this attack, the hackers might be plotting something big, which can be perceived as an espionage-motivated threat.
In the latest attack, which made headlines in Australia, the UK, China, and the US, the hackers used reverse engineering to find individuals connected to world politics and journalism. The alleged hackers contacted the targets via email while pretending to be legitimate news websites, asking journalists to review the site and consider writing stories for it. Most of the hoax websites were crafted to look authentic on the surface, while their back ends looked nothing like the real pages.
Near-perfect news websites
The hackers scraped popular news websites and created look-alikes of them. They also made up multiple identities to send emails from. The cybersecurity company tracked 50 such identities, including Anglo-styled names the hackers thought Australians would trust. Each fake name came with its own Gmail address, and the emails lured victims to a website that delivered malicious code to their devices.
According to the report, the hackers allegedly used a tool called ‘Scanbox’ to check their victims’ profiles, device type (phone, computer, tablet), and the web pages they visited.