19 October 2020

Google sheds light on tactics of APT31 that targeted Joe Biden’s campaign in June

Google’s Threat Analysis Group (TAG) has provided some details about the tactics of the APT31 group linked to the Chinese government, the same group that targeted, albeit unsuccessfully, the presidential campaign of former Vice President Joe Biden with a phishing attack in June this year.

While tracking APT31 activity, the TAG researchers observed the group deploying targeted malware campaigns. In one instance, the hackers launched phishing attacks with emails containing links to Python-based malware hosted on GitHub that allowed the attackers to upload and download files on networks, as well as execute arbitrary commands. The implant used Dropbox for command and control purposes.

“Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” TAG said.
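When the whole chain rides on legitimate services, as TAG describes, blocklisting the destination is not an option; what remains for defenders is behaviour: which hosts talk to those services, with which client, and how regularly. The following is an added example written for this page, not code from Google or the article: it scores constructed proxy-log lines for machine-like beaconing toward a cloud-service watch-list and for non-browser user agents. The hostnames, the sample log and the thresholds are assumptions for illustration.

```python
# Added example (not from the article): spot implant-like use of legitimate
# cloud services in proxy logs by timing regularity and client user agent.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "timestamp src_host dest_host user_agent".
# ws-12 polls a Dropbox API endpoint every ~5 min with a scripting client;
# ws-07 is a person using Dropbox from a browser at irregular times.
SAMPLE_LOG = """\
2020-06-01T10:00:00 ws-12 api.dropboxapi.com python-requests/2.23.0
2020-06-01T10:05:01 ws-12 api.dropboxapi.com python-requests/2.23.0
2020-06-01T10:10:00 ws-12 api.dropboxapi.com python-requests/2.23.0
2020-06-01T10:15:02 ws-12 api.dropboxapi.com python-requests/2.23.0
2020-06-01T10:01:17 ws-07 www.dropbox.com Mozilla/5.0
2020-06-01T10:43:05 ws-07 www.dropbox.com Mozilla/5.0
2020-06-01T11:58:41 ws-07 www.dropbox.com Mozilla/5.0
2020-06-01T12:02:10 ws-07 www.dropbox.com Mozilla/5.0
"""

# Assumed watch-list of legitimate services an implant may abuse for C2.
WATCHED = {"api.dropboxapi.com", "content.dropboxapi.com",
           "www.dropbox.com", "raw.githubusercontent.com", "github.com"}

def parse_log(text):
    """Return {(src_host, dest_host): [(timestamp, user_agent), ...]}."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        ts, src, dest, ua = line.split(maxsplit=3)
        if dest in WATCHED:
            sessions[(src, dest)].append((datetime.fromisoformat(ts), ua))
    return sessions

def beacon_score(events, min_events=4):
    """Coefficient of variation of inter-request gaps: a low value means
    clock-like timing. Returns None when there are too few requests."""
    if len(events) < min_events:
        return None
    times = sorted(t for t, _ in events)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg else None

def find_suspects(text, max_cv=0.1):
    """Flag (src, dest) pairs that beacon regularly or use a non-browser
    client; returns [((src, dest), cv, scripted_user_agent), ...]."""
    suspects = []
    for key, events in parse_log(text).items():
        cv = beacon_score(events)
        scripted_ua = any(not ua.startswith("Mozilla/") for _, ua in events)
        if (cv is not None and cv <= max_cv) or scripted_ua:
            suspects.append((key, cv, scripted_ua))
    return suspects
```

Either signal alone is weak (a sync client also polls regularly), so in practice the flagged pair is a lead to join with endpoint data such as the process that opened the connection.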

In another campaign, the hackers impersonated McAfee anti-virus software in order to install malicious code on the victim’s system.

The TAG team did not reveal who was affected by APT31’s latest attacks, but they mentioned that they’ve “seen increased attention on the threats posed by APTs in the context of the U.S. election.”

Google has also warned of an increase in attacks by North Korean groups against COVID-19 researchers and pharmaceutical companies.

“One campaign used URL shorteners and impersonated the target’s webmail portal in an attempt to harvest email credentials. In a separate campaign, attackers posed as recruiting professionals to lure targets into downloading malware,” the blog post said.
