APT TA423 Uses Watering‑Hole on Australian News Sites to Deploy ScanBox Keylogger

A series of watering‑hole attacks attributed to the China‑based APT group TA423 has been observed targeting popular Australian news websites. The attackers inject malicious JavaScript that loads the ScanBox reconnaissance framework into the browser of any visitor. ScanBox includes a lightweight keylogger that records keystrokes, gathers system details, and then exfiltrates the data to command‑and‑control servers.

The compromise enables the theft of credentials, personal information, and potentially internal network details, giving the threat actor a foothold for further espionage or lateral movement. Defenders should prioritize monitoring for suspicious JavaScript payloads on high‑traffic sites, enforce strict content security policies, and employ network‑level detection of outbound ScanBox traffic to mitigate this emerging threat.

Categories: Data Breaches, Threat Intelligence, Compliance & Regulation