Congratulations to @threatinsight researcher @aRtAGGI for presenting his research today at @CYBERWARCON, which links #Leviathan #TA423 #RedLadon campaigns against offshore energy companies in the #SouthChinaSea to kinetic maritime operations conducted by the Chinese Coast Guard! 
Researchers at @proofpoint identified RTF template injection campaigns from June 2021 - March 2022 targeting hydrocarbon exploration & offshore energy sectors just before Chinese Coast Guard intervention at key sites indicating a tie between cyber espionage & manned maritime ops.
A full technical analysis of this years-long cyber espionage operation was published earlier this year alongside talented guest author @cyberoverdrive! ow.ly/wLSW50LzmpM
Key technical & temporal correlations may indicate that Leviathan as a CN MSS contractor, may be servicing the intelligence needs of the CN Coast Guard. The 2021 CCG Law requires the CCG to patrol and prevent foreign energy operations in contested waters of the South China Sea.
Contested sovereignty claims in the South China Sea have given rise to increasing grey-zone conflict in the region, which now clearly include the support of known nation-state APT actors.
While the most prominent case of kinetic maritime support was observed in Malaysia, Leviathan also was seen targeting the supply chain of Taiwanese windfarms in March 2022.
With the global #offshoreenergy sector growing in the #SouthChinaSea and grey-zone conflict expanding, @threatinsight forecasts that known APTs will continue to conduct cyber espionage in the region in the future.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
