Proofpoint and PwC Threat Intelligence have jointly identified a cyber espionage campaign, active from April 2022 through June 2022, that delivers the ScanBox exploitation framework to targets who visit a malicious domain posing as an Australian news website.
REFERENCE: https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea
ADVERSARY: TA423 APT40
INDUSTRIES: Banking, Healthcare, Heavy Industry, Media, Manufacturing, Financial, Government
TARGETED COUNTRIES: United States of America, Malaysia, Australia, Japan, Cambodia
MALWARE FAMILY: scanbox
ATT&CK IDS: T1566 - Phishing, T1102 - Web Service, T1195 - Supply Chain Compromise, T1056 - Input Capture, T1574 - Hijack Execution Flow, T1189 - Drive-by Compromise, T1055 - Process Injection, T1518 - Software Discovery, T1095 - Non-Application Layer Protocol, T1140 - Deobfuscate/Decode Files or Information, T1027 - Obfuscated Files or Information, T1036 - Masquerading