Chinese hackers tied to attacks on South China Sea energy companies: US tech firm

NEW YORK (BLOOMBERG) - Chinese hackers likely targeted energy companies operating in the South China Sea and the Australian government, according to a US tech security firm, the latest accusation of coordinated cybersnooping by the Asian nation to advance its geopolitical goals.

Researchers uncovered an ongoing phishing campaign lasting more than a year that has been aimed at projects including the Kasawari gas field and a wind farm in the Taiwan Strait, Proofpoint said in a report on Tuesday (Aug 30).

The gas project is in Malaysian waters and operated by Petroliam Nasional, which declined to comment on the research report. Petronas did say it follows best practices to protect its assets and operations.

Proofpoint said it had "moderate confidence" that the hacking was being performed by a group called TA423, adding it is based in China and motivated by espionage.

The US government and cybersecurity companies have long alleged that China runs expansive hacking operations.

In July, Federal Bureau of Investigation Director Christopher Wray warned Western companies that China aims to "ransack" their intellectual property so it can eventually dominate key industries.

It operated a "lavishly resourced hacking programme that's bigger than that of every other major country combined," he said.

China routinely denies the accusations, saying it is a victim of cyberattacks and countering that the US is the "empire of hacking".

The Foreign Ministry in Beijing didn't immediately respond to a request for comment on Tuesday.

China claims more than four-fifths of the South China Sea, which is disputed by Malaysia, the Philippines and Vietnam.

The body of water is one of the world's busiest shipping routes, and the US estimates that more than 30 per cent of the global maritime crude oil trade passes through it.

Proofpoint said that emails used in the phishing campaign impersonated Australian media organisations including The Australian and Herald Sun to deliver ScanBox malware.

PwC Threat Intelligence, which assisted Proofpoint in its research, "assesses it is highly likely that ScanBox is shared privately amongst multiple China-based threat actors", its report said.

News Corp representatives in Australia didn't immediately respond to a request for comment.

Proofpoint said a ScanBox campaign running from April to June targeted agencies of the Australian government at both the local and federal level.

An earlier phishing effort centred on a European maker of heavy equipment for a wind farm in the Taiwan Strait, the report added.

Mr Sherrod DeGrippo, vice-president of threat research and detection at Proofpoint, said TA423's "focus on naval issues is likely to remain a constant priority in places like Malaysia, Singapore, Taiwan and Australia".
