APT‑TA423 Uses ScanBox JavaScript Keylogger in News Site Watering‑Hole Attack

An APT group identified as TA423 weaponized the open‑source ScanBox reconnaissance tool and embedded it in compromised JavaScript on several high‑traffic news websites. Visitors to these sites were silently served the malicious script, which logs keystrokes, captures login credentials, and gathers system information before exfiltrating the data to command‑and‑control servers.

The campaign poses a broad credential‑theft risk to journalists, researchers, and any users accessing the affected outlets, potentially providing the attackers with footholds in target organizations. Defenders should update web‑filtering rules, monitor for unexpected ScanBox traffic signatures, and employ script‑blocking or CSP policies to mitigate similar watering‑hole threats.
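
One way to check the CSP mitigation mentioned above, as an added example that is not part of the original article: the function below audits a Content-Security-Policy header value for settings that would let injected script load from, or send captured data to, an origin the site never listed. The policy strings are constructed samples, and the audit covers only script-src, connect-src and img-src with their default-src fallback.

```javascript
// Added example: audit a Content-Security-Policy header value for gaps that let
// a script injected into a page load from, or send data to, an unlisted origin.
const ANY_HOST = new Set(["*", "http:", "https:"]);
// Constructed sample policies (not taken from any real site).
const WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' https:";
const STRICT_POLICY = "default-src 'none'; script-src 'nonce-r4nd0m' 'strict-dynamic' https:; connect-src 'self'; img-src 'self' data:";

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Browsers ignore a repeated directive; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function auditCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  // Fetch directives fall back to default-src when absent.
  const effective = (name) => d.get(name) ?? d.get("default-src");

  const script = effective("script-src");
  if (script === undefined) {
    findings.push("script-src: unset, script may load from any origin");
  } else {
    // 'strict-dynamic' makes browsers ignore host and scheme sources; it and
    // any nonce or hash source make them ignore 'unsafe-inline'.
    const strict = script.includes("'strict-dynamic'");
    const pinned = strict || script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    for (const s of script) {
      if (!strict && (ANY_HOST.has(s) || s === "data:")) findings.push(`script-src: broad source ${s}`);
      if (!pinned && s === "'unsafe-inline'") findings.push("script-src: 'unsafe-inline' allows injected inline script");
    }
  }
  // Channels a collection script can use to send captured data off-site.
  for (const name of ["connect-src", "img-src"]) {
    const sources = effective(name);
    if (sources === undefined) findings.push(`${name}: unset, requests may go to any origin`);
    else for (const s of sources) if (ANY_HOST.has(s)) findings.push(`${name}: broad source ${s}`);
  }
  return findings;
}

console.log(auditCsp(WEAK_POLICY));
console.log(auditCsp(STRICT_POLICY));
```

Restricting script-src does not help when a site's own first-party JavaScript file is modified, which is why the connect-src and img-src checks matter for the compromised-script case the article describes.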

Categories: Threat Intelligence, Malware & Ransomware
