Cybercriminals have added another professional tool to their arsenal, security researchers are warning. This time, though, the tool being abused is a major open source project from Google.
Researchers from Google’s Threat Analysis Group (TAG) recently revealed that the Chinese state-sponsored threat actor known as APT41 is using Google Command and Control (GC2), an open source red teaming tool, in attacks on organizations around the world.
TAG’s remit is investigating state-sponsored actors, and APT41 is a well-known threat actor that TechRadar has been reporting on for the past three years. It has reportedly been active since 2014, and over that time different security research teams have given it different names, including HOODOO, BARIUM, Winnti and BlackFly.
China strikes once more
GC2 is Google’s open source project designed for red teaming activities. Red teaming is the practice of challenging an organization’s plans and defenses the way a real threat actor would. By red teaming their systems, organizations can work past cognitive errors such as confirmation bias, which often leave gaping holes in their cybersecurity defenses.
“This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, …) during Red Teaming activities,” the GC2 GitHub repository says.
“Furthermore, the program will interact only with Google’s domains (*.google.com) to make detection more difficult.”
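The design described above is what makes GC2-style tooling hard to catch with network controls alone: a proxy or firewall that trusts *.google.com sees only legitimate-looking TLS sessions to Google. What does remain visible is which process on the endpoint is talking to Google’s APIs, how regularly, and how much it sends. The script below is an added example written for this article, not code from GC2 or from TAG’s report. It runs a simple detection heuristic over a few constructed EDR-style network records (the log lines, hostnames, process names and PIDs are all made up for illustration). The Google API hostnames it watches are an assumption based on GC2’s public description of reading commands from a Google Sheet and moving files through Drive; the article itself only mentions *.google.com.

```python
"""Detection sketch for a Sheets/Drive-based command-and-control channel.

Added example for this article, not GC2's own code and not from TAG's report.
Input records are constructed, EDR-style per-connection events of the form:
  <ISO timestamp> host=.. pid=.. image=.. dst=.. sni=.. bytes_out=..
"""
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Hostnames a Sheets/Drive-backed C2 would need to reach. ASSUMPTION: based on
# GC2's public description (commands via Google Sheets, files via Drive); the
# article only says "*.google.com".
SUSPECT_HOSTS = {"sheets.googleapis.com", "www.googleapis.com", "oauth2.googleapis.com"}
# Processes expected to talk to these APIs all day long. Tune per environment.
BROWSER_LIKE = {"chrome.exe", "msedge.exe", "firefox.exe", "GoogleDriveFS.exe"}
MIN_BEACONS = 3          # polls needed before we call it periodic
MAX_JITTER_RATIO = 0.10  # stdev/mean of inter-poll gaps that still counts as a beacon
LARGE_UPLOAD = 10_000    # bytes_out in one connection that looks like a file upload

# Constructed sample telemetry: a browser and one unknown binary on the same host.
SAMPLE_LOG = """\
2022-10-03T09:00:01Z host=ws-17 pid=4120 image=chrome.exe dst=www.googleapis.com sni=www.googleapis.com bytes_out=812
2022-10-03T09:00:05Z host=ws-17 pid=5216 image=update.exe dst=sheets.googleapis.com sni=sheets.googleapis.com bytes_out=640
2022-10-03T09:00:35Z host=ws-17 pid=5216 image=update.exe dst=sheets.googleapis.com sni=sheets.googleapis.com bytes_out=642
2022-10-03T09:01:05Z host=ws-17 pid=5216 image=update.exe dst=sheets.googleapis.com sni=sheets.googleapis.com bytes_out=641
2022-10-03T09:01:35Z host=ws-17 pid=5216 image=update.exe dst=sheets.googleapis.com sni=sheets.googleapis.com bytes_out=640
2022-10-03T09:01:40Z host=ws-17 pid=5216 image=update.exe dst=www.googleapis.com sni=www.googleapis.com bytes_out=52318
2022-10-03T09:02:00Z host=ws-17 pid=4120 image=chrome.exe dst=sheets.googleapis.com sni=sheets.googleapis.com bytes_out=1402
"""


def parse_line(line):
    """Turn one 'ts key=value ...' record into a dict with typed fields."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    fields["pid"] = int(fields["pid"])
    fields["bytes_out"] = int(fields["bytes_out"])
    return fields


def analyze(log_text):
    """Return one finding per non-browser process that reached a suspect Google API host.

    Each finding lists why it was flagged: the bare contact, a regular polling
    cadence to the Sheets endpoint (the command channel), and large uploads
    (possible exfiltration through Drive).
    """
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    groups = defaultdict(list)
    for ev in events:
        if ev["dst"] in SUSPECT_HOSTS and ev["image"] not in BROWSER_LIKE:
            groups[(ev["host"], ev["pid"], ev["image"])].append(ev)

    findings = []
    for (host, pid, image), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        reasons = [f"non-browser process {image} contacted {sorted({e['dst'] for e in evs})}"]

        # Beacon check: near-constant gaps between polls of the command channel.
        polls = [e for e in evs if e["dst"] == "sheets.googleapis.com"]
        if len(polls) >= MIN_BEACONS:
            gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(polls, polls[1:])]
            mean = statistics.mean(gaps)
            jitter = statistics.pstdev(gaps) / mean if mean else 0.0
            if jitter <= MAX_JITTER_RATIO:
                reasons.append(
                    f"periodic polling every ~{mean:.0f}s ({len(polls)} requests, jitter {jitter:.0%})"
                )

        # Upload check: one connection carrying far more than a command poll.
        big = [e["bytes_out"] for e in evs if e["bytes_out"] >= LARGE_UPLOAD]
        if big:
            reasons.append(f"large upload(s) to Google API: {big} bytes")

        findings.append({"host": host, "pid": pid, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['host']} pid={f['pid']} {f['image']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the constructed sample this flags only pid 5216 (`update.exe`): it polls the Sheets endpoint every 30 seconds and then pushes a 52 KB upload, while the browser’s traffic to the same hosts is ignored. The heuristic is deliberately crude, and a real deployment would have to handle legitimate sync clients, scripts and automation that also talk to these APIs; the point it illustrates is that the usable signal is process attribution and cadence, not the destination domain, because the destination is Google either way.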
According to TAG, APT41 used GC2 in phishing attacks against two targets, one of which is a media company in Taiwan.
“In October 2022, Google’s Threat Analysis Group (TAG) disrupted a campaign from HOODOO, a Chinese government-backed attacker also known as APT41, that targeted a Taiwanese media organization by sending phishing emails that contained links to a password protected file hosted in Drive,” the company’s report says.
“The payload was an open source red teaming tool called ‘Google Command and Control’ (GC2).”
The second target was an Italian job search website. The researchers say APT41 tried to use the tool to deploy additional malware to targeted endpoints, without detailing which malware.
Via: BleepingComputer
Copyright for syndicated content belongs to the linked source: TechRadar – https://www.techradar.com/news/chinese-hackers-have-turned-googles-ethical-hacking-tool-into-a-genuine-security-threat