• Fri. May 24th, 2024

A Group of Chinese Hackers APT41, is Utilizing Google’s Cloud Infrastructure for the Attacks

Avatar photo

ByHarper Stewart

May 5, 2023
A Group of Chinese Hackers APT41 is Utilizing Google Cloud Infrastructure for the Attacks
Harper Stewart
Latest posts by Harper Stewart (see all)

There is a rising tendency among Chinese cybercriminals to employ readily accessible hacking tools.

The Chinese cyber gang HOODOO, which also goes by such names as APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti, has been very active ever since 2007. The group is known for carrying out various types of cyberattacks, including targeted attacks against organizations in different industries, such as healthcare, gaming, telecommunications, and more.

Who is Behind the APT41

The group is considered to be one of the most advanced and untraceable hacker gangs originating from China. The Chinese government is believed to sponsor the group, which allows them to operate with relative impunity. HOODOO has been linked to numerous high-profile attacks over the years, including the infamous Equifax data breach in 2017, where they stole the personal data of 145 million people.

APT41 has a history of using a range of openly accessible cybercrime instruments, such as remote access trojans (RATs), password stealers, and other malware, to conduct their operations. In the case of the attack on the Taiwanese media organization, they leveraged a package of such tools, which included Google services and tools, to carry out their attack.

Cyber Attacks Prevention

Google TAG experts closely monitor such activities and work to protect their customers from these types of attacks. They are continuously updating their security measures to detect and mitigate such threats.

A phishing email serves as the initial point of attack, which contains a hyperlink to a password-restricted file uploaded on Google Drive. This file encompasses the widely available Red Teaming tool called “Google Command and Control” (GC2) that was created by enthusiasts and utilized by cybercriminals to read malignant commands from Google Sheets and transfer victim information to the hackers’ cloud storage on the same Google Drive.

Google`s Response

According to Google experts, these attackers have already employed analogous techniques utilizing GC2 during their attack on an Italian employment search website in July 2022.

Google’s research has uncovered two trends: Chinese cybercriminals are using public tools like Cobalt Strike and GC2 to hide their attacks, and malware written in Go is becoming more common due to its compatibility. Google also warns that cloud services are convenient for both regular users and cybercriminals who use them for malware and data theft.

 
Avatar photo

Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.