by Daniel Croft
Countries and leaders who met for the G7 summit last month have drawn the attention of what are believed to be China-based hackers.
The threat actors behind the malicious activity launched a scam email campaign posing as the Indonesian ministries of foreign and economic affairs, targeting the countries of France, Singapore, the United Kingdom, and Australia.
The G7 (Group of Seven) is made up of Australia, Brazil, the Cook Islands, Comoros, India, Indonesia, the Republic of Korea, Ukraine, and Vietnam. The meeting of the seven nations last month occurred in Hiroshima, Japan.
Hackers attached a document to the emails sent to the victim nations’ leaders that imitated action statements and security points from the G7 meeting, pushing several of China’s policy points.
The email also attempted to convince leaders to download malicious software, with the goal of espionage and collecting classified information.
When the attached document is opened, infostealer malware is installed that is capable of monitoring network activity, collecting passwords, tracking keystrokes and granting the hackers remote access.
Analysts from cyber security organisation SentinelOne, speaking with the AFR, have said that while they are unable to conclude that the hacking group was backed by the country’s communist government, they were able to detect signs that the threat actors were based in China, based on the software writer and the techniques they used.
“We’ve tracked it back to previous TTP [tactics, techniques, procedures] known to be associated with Chinese groups,” said SentinelOne vice-president of cyber threat response and former US FBI senior digital forensic analyst Brian Hussey.