A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group (APT) is targeted messages that supposedly link back to Australian news websites.
The cyber-espionage campaigns are believed to have launched April 2...
In the skeptical mode, this article provides a detailed account of a cyber-espionage campaign attributed to the China-based APT TA423 or Red Ladon. The article discusses the tactics, techniques, and procedures (TTPs) employed by the group, including the use of targeted phishing emails and ScanBox framework for reconnaissance. However, it's essential to acknowledge that attribution in cybersecurity is often challenging, and while multiple reports associate TA423 with the Chinese government, defin...