Australian government agencies and companies have been targeted by a sophisticated year-long espionage campaign, according to US cyber security company Proofpoint.
The hackers are known as Red Ladon or Leviathan and are closely aligned with the Chinese government security services, says.
Victims received emails directing them to fake news websites that infected their devices with a harmful code.
This code would allow the hackers to access certain information such as the victim’s browser or the type of device that was being used. This information would then be exploited for future cyberattacks.
The main targets of this, according to Proofpoint, were Australian government officials as well as people involved in energy, shipbuilding and financial services.
"One of the things that's surprising is that the threat actor went so far as to create an entire media site scraping news from the BBC to make it appear that its a legitimate website," said Sherrod DeGrippo, VP of Threat Research at Proofpoint to Euronews.
"They created fake people and fake names that sounded Australian and looked very realistic. The amount of work put into the attack to make it seem real indicates the level of sophistication that we would expect by a cyber espionage group sponsored by a country like China," said DeGrippo.
Chinese authorities have not commented on this cyberattack.
Australia has had a tense relationship these past few years with Beijing.
Relations soured when Canberra banned Chinese tech giant Huawei from the 5G network and called for an inquiry into the origins of Covid-19.
Proofpoint is warning ordinary citizens that even the data they share online connected to their work could make them a target for cyberattacks by foreign countries like China.
"As people who work in technology, we may have special access that might not feel privileged but this could give an advantage to an adversary as Chinese espionage," explained Sherrod DeGrippo.
Last week, the director general of the Australian Signals Directorate (ASD), Rachel Noble, was asked whether Western countries should call out cyberattacks when they are also involved in online espionage.
The hackers are known as Red Ladon or Leviathan and are closely aligned with the Chinese government security services, says.
Victims received emails directing them to fake news websites that infected their devices with a harmful code.
This code would allow the hackers to access certain information such as the victim’s browser or the type of device that was being used. This information would then be exploited for future cyberattacks.
The main targets of this, according to Proofpoint, were Australian government officials as well as people involved in energy, shipbuilding and financial services.
"One of the things that's surprising is that the threat actor went so far as to create an entire media site scraping news from the BBC to make it appear that its a legitimate website," said Sherrod DeGrippo, VP of Threat Research at Proofpoint to Euronews.
"They created fake people and fake names that sounded Australian and looked very realistic. The amount of work put into the attack to make it seem real indicates the level of sophistication that we would expect by a cyber espionage group sponsored by a country like China," said DeGrippo.
Chinese authorities have not commented on this cyberattack.
Australia has had a tense relationship these past few years with Beijing.
Relations soured when Canberra banned Chinese tech giant Huawei from the 5G network and called for an inquiry into the origins of Covid-19.
Proofpoint is warning ordinary citizens that even the data they share online connected to their work could make them a target for cyberattacks by foreign countries like China.
"As people who work in technology, we may have special access that might not feel privileged but this could give an advantage to an adversary as Chinese espionage," explained Sherrod DeGrippo.
Last week, the director general of the Australian Signals Directorate (ASD), Rachel Noble, was asked whether Western countries should call out cyberattacks when they are also involved in online espionage.
