South China Sea: US firm accuses Chinese hackers of targeting Malaysia’s Petronas, Australia’s government

Researchers uncovered a phishing campaign targeting Malaysia’s Kasawari gas field, Australia’s government and a wind farm in the Taiwan Strait

US tech security firm Proofpoint said in its report that a group known as TA423, based in China and motivated by espionage, was the likely culprit

Reading Time:2 minutes

Researchers uncovered phishing campaigns targeting Australia’s government and energy projects including Malaysia’s Kasawari gas field and a wind farm in the Taiwan Strait. Photo: Shutterstock

Published: 11:04am, 31 Aug 2022Updated: 11:06am, 31 Aug 2022

Chinese hackers likely targeted energy companies operating in the South China Sea and Australia’s government, according to a US tech security firm, the latest accusation of coordinated cybersnooping by the Asian giant to advance its geopolitical goals.

Researchers uncovered an ongoing phishing campaign lasting more than a year that has been aimed at projects including the Kasawari gas field and a wind farm in the Taiwan Strait, Proofpoint Inc. said in a report on Tuesday. The gas project is in Malaysian waters and operated by Petroliam Nasional Bhd., which declined to comment on the research report. Petronas did say it follows best practices to protect its assets and operations.

Proofpoint said it had “moderate confidence” that the hacking was being performed by a group called TA423, adding it is based in China and motivated by espionage.

The US government and cybersecurity companies have long alleged that China runs expansive hacking operations. In July, Federal Bureau of Investigation Director Christopher Wray warned Western companies that China aims to “ransack” their intellectual property so it can eventually dominate key industries. It operated a “lavishly resourced hacking programme that’s bigger than that of every other major country combined,” he said.

China routinely denies the accusations, saying it is a victim of cyberattacks and countering that the US is the “empire of hacking”. The Foreign Ministry in Beijing didn’t immediately respond to a request for comment on Tuesday.

China claims more than four-fifths of the South China Sea as its own, angering Malaysia, the Philippines and Vietnam. The body of water is one of the world’s busiest shipping routes, and the US estimates that more than 30 per cent of the global maritime crude oil trade passes through it.

Proofpoint said that emails used in the phishing campaign against the Australian government impersonated media organisations including The Australian and Herald Sun to deliver ScanBox malware. PwC Threat Intelligence, which assisted Proofpoint in its research, “assesses it is highly likely that ScanBox is shared privately amongst multiple China-based threat actors,” its report said.