GC2 Tool Used by APT41 to Target Media and Job Sites Uncovered by


The Chinese nation-state group HOODOO, also known as APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti, used a phishing email to deliver an open-source red teaming tool known as Google Command and Control (GC2) to an unnamed Taiwanese media organization.

The tool enabled the attacker to read commands from Google Sheets and exfiltrate data using Google Drive.

Google’s Threat Analysis Group (TAG) tracked the activity and noted that the same malware had previously been used to target an Italian job search website.

The use of Google Drive for storing malware and the adoption of malware and tools written in the Go programming language suggest that Chinese threat groups are increasingly relying on publicly available tooling to confuse attribution efforts.

Google Cloud warned that cloud services have become a lucrative target for attackers due to their undeniable value.
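
For defenders, the Sheets-for-commands and Drive-for-exfiltration pattern described above can be hunted in process-attributed network telemetry. The following is an added example, not from the original article or from Google TAG: it flags non-allowlisted processes that repeatedly contact the Sheets API and also send bulk data to the Drive API host. The log format, allowlist and thresholds are assumptions, and the sample records are constructed.

```python
import csv
from collections import defaultdict
from io import StringIO

SHEETS_HOST = "sheets.googleapis.com"  # Google Sheets API
DRIVE_HOST = "www.googleapis.com"      # Drive v3 API; shared with other Google APIs

# Assumption: the only programs expected to call these APIs in this environment.
ALLOWED_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}

# Constructed telemetry: time, host, process image, destination host, bytes sent.
SAMPLE_LOG = r"""
2024-01-08T09:00:05Z,ws-012,C:\Program Files\Google\Chrome\Application\chrome.exe,sheets.googleapis.com,900
2024-01-08T09:00:09Z,ws-012,C:\Program Files\Google\Drive File Stream\GoogleDriveFS.exe,www.googleapis.com,3500000
2024-01-08T09:01:00Z,ws-031,C:\Users\kim\AppData\Local\Temp\updater.exe,sheets.googleapis.com,700
2024-01-08T09:02:00Z,ws-031,C:\Users\kim\AppData\Local\Temp\updater.exe,sheets.googleapis.com,700
2024-01-08T09:03:00Z,ws-031,C:\Users\kim\AppData\Local\Temp\updater.exe,sheets.googleapis.com,700
2024-01-08T09:03:04Z,ws-031,C:\Users\kim\AppData\Local\Temp\updater.exe,www.googleapis.com,2400000
2024-01-08T09:10:00Z,ws-044,C:\Tools\report-sync.exe,sheets.googleapis.com,800
2024-01-08T09:10:02Z,ws-044,C:\Tools\report-sync.exe,www.googleapis.com,5000
"""

def find_suspects(log_text, min_polls=3, min_upload_bytes=100_000):
    """Return sorted (host, image) pairs that poll Sheets and push bulk data to the Drive API host."""
    stats = defaultdict(lambda: [0, 0])  # (host, image) -> [Sheets polls, bytes sent to Drive host]
    for row in csv.reader(StringIO(log_text)):
        if not row:  # skip blank lines
            continue
        _ts, host, image, dest, sent = row
        # Skip processes that are expected to talk to Google APIs.
        if image.rsplit("\\", 1)[-1].lower() in ALLOWED_IMAGES:
            continue
        if dest == SHEETS_HOST:
            stats[(host, image)][0] += 1
        elif dest == DRIVE_HOST:
            stats[(host, image)][1] += int(sent)
    return sorted(key for key, (polls, sent_bytes) in stats.items()
                  if polls >= min_polls and sent_bytes >= min_upload_bytes)

if __name__ == "__main__":
    for host, image in find_suspects(SAMPLE_LOG):
        print(f"review {host}: {image}")
```

An allowlist keyed on file name alone is easy to satisfy by renaming a binary, so in production pair it with the image path and code-signing publisher.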
