Cybercriminals have added another legitimate tool to their arsenal, security researchers are warning – but this time around, it's a major open source project from Google that's being abused.
Cybersecurity researchers from Google's Threat Analysis Group (TAG) recently revealed that the Chinese state-sponsored threat actor known as APT41 is using the Google Command and Control (GC2) red teaming tool as it attacks organizations around the world.
TAG regularly investigates state-sponsored actors, and APT41 is a known threat actor which we've been reporting on for the past three years. Apparently, it has been active since 2014, and in that time, different cybersecurity research groups gave it different names: HOODOO, BARIUM, Winnti, BlackFly, and others.
China strikes again
GC2 is Google's open source project designed for red teaming activities. Red teaming refers to the practice of challenging plans and systems the way a threat actor would. By red teaming their systems, organizations can work past cognitive errors such as confirmation bias, which can sometimes leave gaping holes in their cybersecurity defenses.
"This program has been developed in order to provide a command and control that doesn't require any particular set up (like: a custom domain, VPS, CDN, ...) during Red Teaming activities," it says in GC2's GitHub repository.
"Furthermore, the program will interact only with Google's domains (*.google.com) to make detection harder."
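A command channel that lives entirely on *.google.com blends into traffic most organizations already allow, so blocking the domain is rarely an option. One defensive check that still works is to look for machine-like regularity: a host that polls the same Google endpoint at a near-constant interval behaves differently from a person using Drive. The following is an added example, not code from the article or from the GC2 project; it assumes a simple, constructed proxy-log format (timestamp, source IP, destination host, bytes) and illustrative thresholds, and it flags any periodic polling to Google domains rather than anything specific to GC2.

```python
"""Flag beacon-like periodic requests to *.google.com hosts in proxy logs.

Added example, not part of the article or the GC2 project. The log
format, sample lines and threshold values below are all constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<ISO time> <src_ip> <dest_host> <bytes>".
# 10.1.1.7 polls Drive exactly once a minute; 10.1.1.9 looks like a person.
SAMPLE_LOG = """\
2022-10-03T09:00:00 10.1.1.7 drive.google.com 512
2022-10-03T09:01:00 10.1.1.7 drive.google.com 498
2022-10-03T09:02:00 10.1.1.7 drive.google.com 505
2022-10-03T09:03:00 10.1.1.7 drive.google.com 511
2022-10-03T09:04:00 10.1.1.7 drive.google.com 501
2022-10-03T09:05:00 10.1.1.7 drive.google.com 499
2022-10-03T09:00:12 10.1.1.9 drive.google.com 120000
2022-10-03T09:47:51 10.1.1.9 drive.google.com 8300
2022-10-03T11:02:03 10.1.1.9 docs.google.com 45000
2022-10-03T09:03:30 10.1.1.7 www.example.org 2400
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, host, bytes)."""
    ts, src, host, nbytes = line.split()
    return datetime.fromisoformat(ts), src, host, int(nbytes)


def is_google_host(host):
    """True for google.com itself and any subdomain (the *.google.com pattern)."""
    return host == "google.com" or host.endswith(".google.com")


def find_beacons(log_text, min_requests=5, max_cv=0.2):
    """Return {(src, host): mean_interval_seconds} for periodic Google traffic.

    Requests are grouped per (source, destination) pair and sorted by time.
    A pair is flagged when it has at least min_requests requests and the
    coefficient of variation (stdev / mean) of the gaps between consecutive
    requests is at most max_cv, i.e. the timing is nearly constant.
    """
    times = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, _ = parse_line(line)
        if is_google_host(host):
            times[(src, host)].append(ts)

    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[key] = avg
    return flagged


if __name__ == "__main__":
    for (src, host), interval in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {host}: ~{interval:.0f}s polling interval")
```

On the constructed sample the only pair flagged is 10.1.1.7 to drive.google.com at a 60-second interval; the human-looking host falls below the request minimum and the non-Google host is never considered. In practice the thresholds need tuning per environment, and a hit is a lead for investigation (which process on the host made the requests, what was uploaded) rather than a verdict, since legitimate sync clients also poll on a timer.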
As per TAG, APT41 used GC2 during phishing attacks against two targets, one of which is a media company in Taiwan.
"In October 2022, Google's Threat Analysis Group (TAG) disrupted a campaign from HOODOO, a Chinese government-backed attacker also known as APT41, that targeted a Taiwanese media organization by sending phishing emails that contained links to a password protected file hosted in Drive," the company's report claims.
"The payload was an open source red teaming tool called "Google Command and Control" (GC2)."
The second target was a job search website from Italy. The researchers claim APT41 tried to use the tool to deploy additional malware to target endpoints, without detailing which malware, exactly.
Via: BleepingComputer