9 Dec 2022 | Asia Cyber Summary

In the spotlight this week:

• Four Chinese Nationals Charged in Sydney Over Sophisticated Cyber Scam
• Chinese Hackers’ Covid-Relief Fraud Expands Cyber Threats to US
• North Korean Hackers Exploit Seoul Tragedy to Spread Malware
• Stolen Data of 5 Million People Sold on Bot Markets
• Cyber Attack on Key South Australian Government Partner Under Investigation
  ‍

Four Chinese Nationals Charged in Sydney Over Sophisticated Cyber Scam

Four Chinese nationals residing in Sydney have been charged with involvement in an international cyber scam that has stolen more than USD 100 million globally. The highly sophisticated investment scam involved hacking legitimate electronic trading software that is provided to clients by licensed foreign exchange brokers. The hackers registered Australian businesses with the Australian Securities and Investments Commissions to make fraud attempts appear more legitimate. Australian police have frozen over $22.5 million across 24 bank accounts in relation to the fraud. Investigations are still being conducted to determine the extent of the fraud and how much money was taken from Australian investors.

‍

Chinese Hackers’ Covid-Relief Fraud Expands Cyber Threats to US

The US Secret Service has alleged that Chinese state-sponsored hacking group APT41 has stolen USD 20 million in US Covid-19 relief funds distributed as pandemic relief. This incident is believed to be the first time the group has been publicly confirmed to have targeted US government funds. The group has typically been known for cyber espionage and financial crimes. This hacking incident demonstrates APT41’s potential to defraud the US on a larger scale, given the depth of information it has collected on the American public. The theft is not likely an isolated incident, despite the fact that there are now insufficient details to analyze the security flaws that resulted in fraudulent behavior involving the relief funds.

‍

North Korean Hackers Exploit Seoul Tragedy to Spread Malware

North Korean-backed hackers, known as APT37, were found to have taken advantage of the tragic Halloween crush in the South Korean capital to disseminate malware in the nearby state. The hackers planted malicious software in Microsoft Office documents designed to look like a South Korean government report on the Halloween crush. The document, titled “221031 Seoul Yongsan Itaewon accident response situation (06:00).docx”, references the tragic incident in Seoul on October 29, when thousands of Halloween revelers packed into a narrow alleyway in the nightlife district of Itaewon, leading to 158 people dying.  APT37 group, is known to target users in its neighboring country, defectors from the Pyongyang regime, policy makers, journalists, and human rights activists.

‍

Stolen Data of 5 Million People Sold on Bot Markets

According to a report from one of the world’s largest virtual private network (VPN) service providers, approximately five million people globally have had their data sold on the bot market to date. Bot markets are used by hackers to sell stolen data from victims’ devices using bot malware. About 600,000 of those affected were from India, making it the worst affected country. User logins, cookies, digital fingerprints, screenshots, and other data were among the stolen data.

‍

Cyber Attack on Key South Australian Government Partner Under Investigation

A cyber attack last month on a large engineering company, Aurecon, with many high-profile South Australian contracts and work on national defense programs was forced to shut down all of its internet platforms. Aurecon Group, an international design, engineering and advisory company, with more than 6500 employees around the world and 15 offices around Australia. Current projects undertaken by the company include the Torrens to Darlington section of the North-South Corridor.