Researchers at security company Proofpoint and PricewaterhouseCoopers (PWC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site.
The campaign, active from April to June of this year, targeted Australian government agencies, Australian media companies and manufacturers who conduct maintenance on wind turbine fleets in the South China Sea. Proofpoint said the victim profile was similar to a June 2021 TA423 threat that delivered a downloader in DLL format via RTF template injection.
According to the researchers, victims were sent phishing emails that directed them to faked versions of Australian news outlets The Herald Sun and The Australian. Both outlets are part of Rupert Murdoch’s media empire.