Misleading news websites used by hackers to target workers in the energy sector
Over the weekend, some malicious persons stole and copied reports from the BBC News website. Articles on the false website were copied from BBC News. According to famous US security companies, the computer hackers created a false news website to collect information from Australian government officials, journalists and other people.
All the victims were sent emails that seemed to be from Australian news organisations and that included links to illegal websites. Clicking on a link automatically delivered malicious code to the user's device from a website whose articles were plagiarised from BBC News. Proofpoint said it was quite sure that the hacker was acting for the Chinese government.
"We accept attribution quite severely," Proofpoint threat research and detection vice president Sherrod DeGrippo said. "We especially don't reveal attribution unless we have strong confidence." She further stated that a big part of their attribution capability comes from the United States Department of Justice agreeing with the attribution and data they released.
Proofpoint identified the hackers as part of a group of which only four people were charged in 2021. The UK's National Cyber Security Centre said it is almost sure they are associated with the Chinese government. They target organisations in response to political events in the Asia-Pacific region.
A request for a response has been made to the Australian Cyber Security Centre. Proofpoint explained that in the most recent hack, victims had raised the alarm over receiving emails pretending to be from an individual who launched a news website between April and June. Victims who received such emails were asked to review the website and consider subscribing to it.
'Anglo-sounding names'
Ms DeGrippo said she was amazed that they went as far as building their fraudulent media websites by copying legitimate websites, such as the BBC. In addition, they tried to appear legitimate by creating different identities from which they sent messages.
The hackers were around 50 in number, and all had names that are very typical of the Anglo-American names that you may associate with Australians. To make the act seem more credible, they generated fictitious identities. The fictitious names used were Blair Goodland, Daisha Manalo, and Bethel Giffen, each with a special Gmail address.
The attack appeared to target individuals working in the energy industry, including those engaged in offshore energy exploration in the South China Sea, the production of wind turbines, and alternative energy sources, as well as defence contractors and people in the healthcare and financial services industries. According to Ms DeGrippo, Chinese espionage agencies usually do not have consumers on their radar.
Even though subjects like engineering might not seem like state secrets, China views such subjects as crucial espionage information, and treats anyone with a sensitive function in their professional career the same way.
People should ensure their browsers are up to date and that their firewall and antivirus software are turned on, according to Ms DeGrippo.
The BBC also advised organisations, at a professional level, to review the kinds of data their employees have access to and whether they have the right technology measures to protect their people from these attacks. When it reaches a person, it's already too late.