Google Reports APT41’s Exploitation of Open Source GC2 Tool to Target Media and Job Websites
April 17, 2023
Cyber Threat / Cloud Security
A Chinese nation-state group has reportedly targeted an unnamed Taiwanese media outlet using an open-source red teaming tool called Google Command and Control (GC2). This activity is part of a larger trend of utilizing Google’s infrastructure for malicious purposes. Google’s Threat Analysis Group (TAG) attributes the operation to a threat actor known as HOODOO, also identified as APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti. The attack begins with a phishing email that includes links to a password-protected file on Google Drive. This file contains the Go-based GC2 tool, which retrieves commands from Google Sheets and exfiltrates data via the cloud storage service. “Once installed on the victim’s machine, the malware queries Google Sheets for attacker commands,” stated Google’s cloud division in its latest Threat Horizons Report.
Cyber Threat / Cloud Security
APT41 Exploits Open Source Tool to Target Taiwanese Media Outlets In a recently uncovered cyber operation, Google’s Threat Analysis Group (TAG) reported that a Chinese state-sponsored threat actor known as APT41 has aimed its sights on a Taiwanese media organization. This campaign involved the use of a red teaming tool…
Google Reports APT41’s Exploitation of Open Source GC2 Tool to Target Media and Job Websites
April 17, 2023
Cyber Threat / Cloud Security
A Chinese nation-state group has reportedly targeted an unnamed Taiwanese media outlet using an open-source red teaming tool called Google Command and Control (GC2). This activity is part of a larger trend of utilizing Google’s infrastructure for malicious purposes. Google’s Threat Analysis Group (TAG) attributes the operation to a threat actor known as HOODOO, also identified as APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti. The attack begins with a phishing email that includes links to a password-protected file on Google Drive. This file contains the Go-based GC2 tool, which retrieves commands from Google Sheets and exfiltrates data via the cloud storage service. “Once installed on the victim’s machine, the malware queries Google Sheets for attacker commands,” stated Google’s cloud division in its latest Threat Horizons Report.