All news with #scanbox tag
Tue, August 30, 2022
Watering-Hole Campaign Deploys ScanBox Keylogger Nearby
🕵️ A China-linked actor, assessed as APT TA423 (Red Ladon), used targeted phishing and watering-hole pages to serve the ScanBox JavaScript reconnaissance framework to Australian domestic organizations and offshore energy firms between April and mid‑June 2022. The injected script acts as a browser-based keylogger and conducts extensive fingerprinting, enumerating the OS, plugins, extensions, WebRTC and Flash. ScanBox further leverages STUN and ICE via WebRTC to establish peer connections and reach hosts behind NAT, enabling covert collection of typed data without writing malware to disk. Proofpoint and PwC researchers link the campaign to TA423 and note its likely intelligence focus on regional maritime and naval activity.