Chinese cyber spies infiltrate Australia with fake news site: Australian Morning News: Red Ladon

Cunning Chinese cyber spies have successfully infiltrated Australian computer systems in a bid to steal sensitive information to aid Beijing’s militarisation of the South China Sea. 

The spies, linked to China’s Ministry of State Security, launched a fake media outlet in order to glean the intelligence from Australians workers with in defence, health, energy and government sectors.

Beijing’s con began with a string of emails in the lead up to the May federal election with a message from a self-described ‘humble’ digital new site called the ‘Australian Morning News’ asking recipients to click on a link which would infect their computers with malware and compromise their privacy. 

Pictured: Chinese navy sailors march at Tiananmen Square in October, 2019

On closer inspection, the site had plagiarised articles, photos and headlines from popular mastheads.

The domain name first registered under the fake name ‘Florence Gourley’ on April 8, 2022. 

The hackers targeted Australia for three months in the lead up to the 2022 vote breaching computers not only Down Under but also in Europe and Malaysia.

However, American cyber security firm Proofpoint along with PwC Threat Intelligence were able to identify the group, The Australian reports. 

Sherrod DeGrippo, vice-president of threat research and detection at Proofpoint, said the Red Ladon hackers were persistent

The government-backed cyber attackers were from a group called Red Ladon, or TA423, and were likely the same group of Chinese spies responsible for a similar attack on Australia two years ago.

Scott Morrison shocked the nation by outlining how un-named ‘state-actors’ had targeted banks, universities, hospitals, transport networks, electricity grids, and the military, as part of a lengthy cyber-warfare campaign in June, 2020.

Insiders at the time claimed the cyber invasion was payback for Australia’s decision to ban Chinese state firm Huawei from the national 5G network in 2018 over national security concerns. 

Between April and June this year, hackers also targeted companies involved with the operations of energy generators in the South China Sea – where the authoritarian power is creating man-made islands in contravention of International law.

Sherrod DeGrippo, vice-president of threat research and detection at Proofpoint, said the Red Ladon spies were particularly ‘cunning and persistent’. 

Beijing’s con began with a string of emails in the lead up to the May federal election with a message from a self-described ‘humble’ digital new site called the ‘Australian Morning News’ (site pictured) asking recipients to click on a link which would infect their computers with malware and compromise their privacy

Pictured: Chinese President Xi Jinping and Australian Prime Minister Anthony Albanese

‘They support the Chinese government in matters related to the South China Sea, including during the recent tensions in Taiwan,’ she told The Australian.  

Ms DeGrippo suspects the group are primarily interested in naval issues in the contested marine territory and have ramped up efforts to access sensitive information as China becomes aggressive in the region.

Proofpoint said the hackers focused their much of their efforts on global manufacturers that operated wind turbines in the South China Sea by using emails with subject lines like ‘sick leave’ and ‘user research’ to access computer systems.

‘TA423/Red Ladon is a China-based, espionage-motivated threat actor that has been active since 2013, targeting a variety of organisations in response to political events in the Asia-Pacific region, with a focus on the South China Sea,’ Proofpoint said.

‘Targeted organisations include defence contractors, manufacturers, universities, government agencies, legal firms involved in diplomatic disputes, and foreign companies involved with Australasian policy or South China Sea operations.’

Between April and June, the cyber hackers targeted local and federal government agencies under the guise of ‘Australian Morning News’ (pictured Chinese troops training in Russia)

Former Prime Minister Scott Morrison in 2021 said China was responsible for a string of attacks which were later condemned in a joint statement co-ordinated with the US, UK, European Union, New Zealand, Canada and NATO. 

Communist Party officials were outraged when Mr Morrison’s government called for an independent inquiry into the origins of the coronavirus pandemic in April 2020.

The call for transparency was met with an array of arbitrary bans and tariffs on key Australian exports including barley, wine, beef, cotton, seafood, coal and timbre.

Intelligence officials also attributed the previous major cyber attack on the Australian parliament last year, as part of Beijing’s campaign to intimidate or bully Australia as tensions over trade foment.