Google Uncovers APT41’s Use of Open Source GC2 Tool to Target Media and Job Sites
Google's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is also known by the names APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti.
The starting point of the attack is a phishing email containing links to a password-protected file hosted on Google Drive, which in turn embeds the Go-based GC2 tool. GC2 reads its commands from a Google Sheets spreadsheet and exfiltrates data through the same cloud storage service, so both command-and-control and exfiltration blend into ordinary Google API traffic.
"After installation on the victim machine, the malware queries Google Sheets to obtain attacker commands," Google's cloud division said in its sixth Threat Horizons report. "In addition to exfiltration via Drive, GC2 enables the attacker to download additional files from Drive onto the victim system."
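One way a defender could hunt for the GC2 pattern described above in proxy or EDR telemetry, as an added example that is not code from the article, from Google, or from the GC2 project: it flags non-browser processes that poll the Google Sheets API on a steady cadence or that upload to Google Drive. The JSON-lines log format, the process allowlist, and the sample records are constructed assumptions; the Google API hostnames used are the public endpoints and are an assumption, not something the report states.

```python
# Added example, not code from the article, Google TAG, or the GC2 project.
# Hunts proxy/EDR telemetry for the behaviour the article describes for GC2:
# a non-browser process polling the Google Sheets API on a regular cadence
# and/or uploading files to Google Drive.
#
# Assumptions (not from the page): logs are JSON lines with the fields
# ts, host, process, dst_host, path, method; GC2-style traffic uses the
# public Google API hostnames sheets.googleapis.com (command polling) and
# www.googleapis.com/upload/drive/... (file upload). The sample records
# below are constructed for this example.
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Processes expected to talk to Google APIs legitimately (assumed allowlist).
BROWSER_ALLOWLIST = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}
SHEETS_HOST = "sheets.googleapis.com"
DRIVE_HOST = "www.googleapis.com"
DRIVE_UPLOAD_PREFIX = "/upload/drive/"

# Constructed sample telemetry: update.exe polls Sheets about every 60 s and
# uploads to Drive once; chrome.exe and outlook.exe are benign noise.
SAMPLE_LOGS = """
{"ts": "2023-04-14T10:00:00Z", "host": "WS01", "process": "update.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/SHEETID/values/Sheet1", "method": "GET"}
{"ts": "2023-04-14T10:01:00Z", "host": "WS01", "process": "update.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/SHEETID/values/Sheet1", "method": "GET"}
{"ts": "2023-04-14T10:02:01Z", "host": "WS01", "process": "update.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/SHEETID/values/Sheet1", "method": "GET"}
{"ts": "2023-04-14T10:02:30Z", "host": "WS01", "process": "update.exe", "dst_host": "www.googleapis.com", "path": "/upload/drive/v3/files?uploadType=multipart", "method": "POST"}
{"ts": "2023-04-14T10:03:00Z", "host": "WS01", "process": "update.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/SHEETID/values/Sheet1", "method": "GET"}
{"ts": "2023-04-14T10:00:05Z", "host": "WS02", "process": "chrome.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/OTHERID/values/Budget", "method": "GET"}
{"ts": "2023-04-14T10:00:07Z", "host": "WS02", "process": "chrome.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/OTHERID/values/Budget", "method": "GET"}
{"ts": "2023-04-14T10:05:00Z", "host": "WS03", "process": "outlook.exe", "dst_host": "sheets.googleapis.com", "path": "/v4/spreadsheets/OTHERID", "method": "GET"}
"""


def parse_lines(text):
    """Parse JSON-lines telemetry into dicts whose 'ts' is a datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def cadence(timestamps):
    """Mean gap and population stddev of gaps between polls, in seconds.
    Returns None when fewer than three polls are present."""
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    return mean(gaps), pstdev(gaps)


def find_gc2_like(records, min_polls=3, max_jitter_ratio=0.25):
    """Alert on (host, process) pairs that are not allowlisted browsers, poll the
    Sheets API at least min_polls times, and either do so on a near-constant
    interval (stddev/mean <= max_jitter_ratio) or also upload to Drive."""
    per_key = defaultdict(lambda: {"sheets": [], "drive_uploads": 0})
    for r in records:
        if r["process"].lower() in BROWSER_ALLOWLIST:
            continue
        key = (r["host"], r["process"])
        if r["dst_host"] == SHEETS_HOST:
            per_key[key]["sheets"].append(r["ts"])
        elif (r["dst_host"] == DRIVE_HOST
              and r["path"].startswith(DRIVE_UPLOAD_PREFIX)
              and r["method"] in ("POST", "PUT", "PATCH")):
            per_key[key]["drive_uploads"] += 1

    alerts = []
    for (host, proc), s in per_key.items():
        if len(s["sheets"]) < min_polls:
            continue
        stats = cadence(s["sheets"])
        periodic = (stats is not None and stats[0] > 0
                    and stats[1] / stats[0] <= max_jitter_ratio)
        if periodic or s["drive_uploads"] > 0:
            alerts.append({
                "host": host,
                "process": proc,
                "sheets_polls": len(s["sheets"]),
                "mean_interval_s": round(stats[0], 1) if stats else None,
                "periodic": periodic,
                "drive_uploads": s["drive_uploads"],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_gc2_like(parse_lines(SAMPLE_LOGS)):
        print(alert)
```

On the constructed sample this raises a single alert for update.exe on WS01 (four polls about 60 s apart plus one Drive upload), while the browser traffic is allowlisted and the lone outlook.exe request falls below the poll threshold. In production the allowlist needs to cover Google Workspace sync clients and the jitter threshold needs tuning, since a GC2 operator can add random sleep between polls; the Drive upload condition is the more robust of the two signals because the tool needs it for exfiltration regardless of polling cadence.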
Google said the threat actor previously used the same malware in July 2022 to target an Italian job search website.
The development is notable for two reasons. First, it suggests that Chinese threat groups are increasingly relying on publicly available tooling such as Cobalt Strike and GC2, which makes attribution harder because the tooling itself no longer points to a particular operator.
Second, it points to the growing adoption of malware and tooling written in the Go programming language, owing to its cross-platform compatibility and modular nature.
Google further cautioned that the "undeniable value of cloud services" has made them a lucrative target for cybercriminals and government-backed actors alike, "either as hosts for malware or providing the infrastructure for command-and-control (C2)."
A case in point is the use of Google Drive for storing malware such as Ursnif (aka Gozi or ISFB) and DICELOADER (aka Lizar or Tirion) in the form of ZIP archive files as part of disparate phishing campaigns.
"The most common vector used to compromise any network, including cloud instances, is to take over an account's credentials directly: either because there is no password, as with some default configurations, or because a credential has been leaked or recycled or is generally so weak as to be guessable," Google Cloud's Christopher Porter said.
The findings come three months after Google Cloud detailed APT10's (aka Bronze Riverside, Cicada, Potassium, or Stone Panda) targeting of cloud infrastructure and VPN technologies to breach enterprise environments and exfiltrate data of interest.