The Chinese group that Google tracks as APT31 (APT is short for Advanced Persistent Threat) sent emails containing links from which targets would download malware.
Google has disclosed a large malware campaign that it attributes to hackers linked to the Chinese government. In a blog post, Google described how the campaign operated. According to Google, the hackers ran the campaign under the guise of McAfee antivirus software. The group appears to be the same one that targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year.
The company also noted that a separate, Iran-based group had tried to target President Trump's campaign. Neither attempt succeeded, Google said.
“The Iranian attacker group (APT35) and the Chinese attacker group (APT31) targeted campaign staffers’ personal emails with credential phishing emails and emails containing tracking links. As part of our wider tracking of APT31 activity, we’ve also seen them deploy targeted malware campaigns,” Google said.
APT31 sent emails containing links from which targets would download malware. The malware, hosted on GitHub, gave the attackers the ability to upload and download files and to execute commands on the victim's machine. Because the attackers used legitimate services such as GitHub and Dropbox, Google said the activity was hard to track. According to Shane Huntley, head of Google's Threat Analysis Group, hosting the malicious activity on legitimate services makes it harder for defenders to rely on network signals for detection. “The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system,” said Huntley.
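Huntley's point is that when command-and-control traffic goes to GitHub or Dropbox, the destination itself tells a defender very little, so the useful pivot is which process is talking to those services, what spawned it, and whether it calls home on a fixed schedule. The following hunting script illustrates that reasoning; it is an added example and not code from Google or from the report. Every process name, hostname and log line in it is constructed for illustration, and the list of "expected" cloud clients is an assumption about an organisation's baseline, not an indicator from the campaign.

```python
"""Hunt for unexpected processes beaconing to GitHub/Dropbox on a fixed cadence.

Added example: all process names, hosts and log lines below are constructed
for illustration and are not indicators from Google's APT31 report.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Legitimate cloud endpoints of the kind the article says the attackers abused
# for hosting and command-and-control. Blocking them outright is rarely an
# option, so the hunt keys on *which process* talks to them, and how regularly.
CLOUD_HOSTS = {
    "api.github.com", "raw.githubusercontent.com",
    "api.dropboxapi.com", "content.dropboxapi.com",
}

# Assumption: processes an organisation expects to contact those hosts
# (browsers, the official Dropbox client, git). Tune to your own baseline.
EXPECTED_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe", "Dropbox.exe", "git.exe"}

# Constructed endpoint telemetry: timestamp|host|process|parent|destination.
# WS01 models the lure: a browser fetches an installer, the installer spawns a
# child that then calls a Dropbox API every five minutes.
SAMPLE_EVENTS = """\
2020-10-16T09:00:00|WS01|chrome.exe|explorer.exe|raw.githubusercontent.com
2020-10-16T09:00:04|WS01|McAfeeSetup.exe|chrome.exe|download.mcafee.com
2020-10-16T09:00:05|WS01|updater.exe|McAfeeSetup.exe|api.dropboxapi.com
2020-10-16T09:05:05|WS01|updater.exe|McAfeeSetup.exe|api.dropboxapi.com
2020-10-16T09:10:06|WS01|updater.exe|McAfeeSetup.exe|content.dropboxapi.com
2020-10-16T09:15:05|WS01|updater.exe|McAfeeSetup.exe|api.dropboxapi.com
2020-10-16T09:02:00|WS02|Dropbox.exe|explorer.exe|api.dropboxapi.com
2020-10-16T09:07:00|WS02|Dropbox.exe|explorer.exe|api.dropboxapi.com
2020-10-16T09:12:00|WS02|Dropbox.exe|explorer.exe|api.dropboxapi.com
2020-10-16T09:03:00|WS03|git.exe|code.exe|api.github.com
2020-10-16T09:04:00|WS03|notepad.exe|explorer.exe|api.github.com
"""


def parse_events(text):
    """Parse pipe-separated telemetry lines into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, parent, dest = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host, "process": proc, "parent": parent, "dest": dest,
        })
    return events


def suspicious_cloud_beacons(events, min_connections=3, max_jitter_ratio=0.25):
    """Return (host, process) pairs that are not expected cloud clients and
    contact GitHub/Dropbox endpoints at least min_connections times with a
    near-constant interval (every gap within max_jitter_ratio of the median).
    """
    by_proc = defaultdict(list)
    for ev in events:
        if ev["dest"] in CLOUD_HOSTS and ev["process"] not in EXPECTED_CLIENTS:
            by_proc[(ev["host"], ev["process"])].append(ev)

    findings = []
    for (host, proc), evs in sorted(by_proc.items()):
        if len(evs) < min_connections:
            continue  # a one-off fetch is not a beacon
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        med = median(gaps)
        if med <= 0 or any(abs(g - med) / med > max_jitter_ratio for g in gaps):
            continue  # irregular timing looks more like interactive use
        findings.append({
            "host": host,
            "process": proc,
            "parent": evs[0]["parent"],  # the spawning process is the pivot point
            "connections": len(evs),
            "median_interval_s": med,
            "destinations": sorted({e["dest"] for e in evs}),
        })
    return findings


if __name__ == "__main__":
    for finding in suspicious_cloud_beacons(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

On the constructed data only the child of the installer on WS01 is reported: the official Dropbox client and git are filtered out by the baseline, and the single fetch from notepad.exe falls below the connection threshold. The parent field in the finding is what lets an analyst walk back to the installer the user was lured into running.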
Google said that when it detects that a user is the target of a government-backed attack, it sends that user a prominent warning. In these cases the company also shared its findings with the campaigns and with the Federal Bureau of Investigation. Google has also seen increased attention “on the threats posed by APTs” as the US election approaches, and noted that US government agencies have warned about a range of threat actors. The company says it works closely with those agencies, and with others in the tech industry, to share leads and intelligence.