AUKUS (Australia-United Kingdom-United States) is a strategic military alliance between these territories that became a reality in 2021, whose main objective is to build nuclear-powered submarines to counter the threat from China in the Indo-Pacific region. This agreement also includes the sharing of cyber capabilities and other submarine technologies. Some sources point out that this is not a security pact, but is rather intended to “elevate the intelligence and deterrence value of conventional capabilities”.
The key facts of this alliance are as follows:
- The US pledged to invest $4.6 billion in the deal. Australia, for its part, will buy at least three second-hand submarines from the US early in the next decade. However, the US Congress has yet to approve this transaction. In addition, Australia will build a fleet of eight nuclear submarines. The first of these is expected to be ready in 2042.
- This partnership has upset both France and China. Australia will terminate the contract awarded to France to build 12 diesel-electric submarines. The importance of these submarines is reflected in their capabilities: compared to traditional submarines, they have a longer range, are harder to detect, can remain submerged for months and have a greater carrying capacity. However, they are larger, which is why nuclear submarines are more vulnerable to attack from the surface.
- Last year, China called the deal “destabilising” and “provocative”. Mao Ning, spokesperson for China’s Foreign Ministry, said at a press conference on 9th March that Australia is contributing to the proliferation of nuclear weapons, is promoting an arms race and that this agreement only destabilises the Asia-Pacific region. In addition, China issued the following threat: “Australian troops are also more likely to be the first group of Western soldiers to waste their lives in the South China Sea”.
The Lab52 team has already detected the possibility that actors associated with China, especially Mustang Panda, could carry out attacks against the Australian government, notifying its clients.
Lab52 has found a zip file named Biography of Senator the Hon Don Farrell.zip. Hon Don Farrell is the current Australian Secretary of State for Trade and Tourism, indicating a targeted campaign against Australia.
The zip drops two files. On the one hand, the legitimate application for process pdf files Solid PDF Creator, renamed as “Biography of Senator the Hon Don Farrell/Biography of Senator the Hon Don Farrell.exe”, on the other hand, we have seen a malicious payload named SolidPDFCreator.dll. Persistence is done through a Dll Side Loading by the stager.
C:\Windows\SysWOW64\cmd.exe /C copy SolidPDFCreator.dll C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.dll & reg add “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run” /v SolidPDF /t reg_sz /d “C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.exe” /F & schtasks /F /Create /TN SolidPDF /SC minute /MO 1 /TR C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.exe
After that, the stager tries to impersonate common Microsoft update communications, hardconding a legitimate host header www.asia.microsoft.com, which, in fact, is requesting against 123.253.35[.]231 as C2.
It is worth noting that it does not download the PlugX malware in the first instance, as usual, but, similar to what has been reported previously by Talos Intelligence  or Cisco , it uses a custom-developed stager, subsequently providing the attacker with a reverse shell for a PlugX deployment.
As can be seen, China has developed cyber capabilities that allow it to respond quickly to any geopolitical event that might affect its interests. The AUKUS treaty has been a regional destabilisation for China, and more campaigns are expected to continue to target Australia. Lab52 highlights how tracking and monitoring events in international relations allows us to understand the motivations of key actor-states.
 – https://blog.talosintelligence.com/mustang-panda-targets-europe/
 – https://gblogs.cisco.com/jp/2022/05/talos-mustang-panda-targets-europe/
Leave a Reply