Weaponizing the IT Supply Chain: Leviathan’s Attacks and Kinetic Naval Intervention in the South China Sea

Leviathan, a Chinese APT [advanced persistent threat] actor and contractor known to support the Chinese Ministry of State Security, is targeting the supply chains of naval defense and energy exploration entities active in the South China Sea. Continuous phishing operations identified by Proofpoint since mid-2021 show that the group has continued its campaigns without interruption since the US DOJ indictment in July of that year.

In a recent presentation at CYBERWARCON 2022, Proofpoint’s Michael Raggi described a previously undisclosed link to a Chinese state service branch that is actively carrying out maritime patrols and harassing energy projects in the South China Sea.