
Rising Tide: Chasing the Currents of Espionage in the South China Sea

Proofpoint and PwC Threat Intelligence have jointly identified a cyber espionage campaign, active from April 2022 through June, that delivers the ScanBox exploitation framework to targets who visit a malicious domain posing as an Australian news website.




ADVERSARY: TA423, APT40




MALWARE FAMILY: ScanBox


ATT&CK IDS: T1566 - Phishing, T1102 - Web Service, T1195 - Supply Chain Compromise, T1056 - Input Capture, T1574 - Hijack Execution Flow, T1189 - Drive-by Compromise, T1055 - Process Injection, T1518 - Software Discovery, T1095 - Non-Application Layer Protocol, T1140 - Deobfuscate/Decode Files or Information, T1027 - Obfuscated Files or Information, T1036 - Masquerading

