Google says Chinese hackers are targeting US government Gmail accounts

News
By published

No evidence of any connections to the Ukraine war, Google claims

Phishing
(Image credit: Shutterstock)

Google has warned “high profile” Gmail users working for the US Government that they are potentially being targeted by Chinese state-sponsored threat actors with a phishing attack.

Google’s Threat Analysis Group (TAG) warned “multiple” people that APT31 (also known as Judgment Panda and Zirconium) was after their sensitive information, and that the phishing attacks were successfully blocked in their email services.

"In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley noted.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Not linked to Ukraine

"Today, we sent those people who were targeted, government-backed attacker warnings. We don't have any evidence to suggest that this campaign was related to the current war in Ukraine."

Earlier this week, TAG also warned of Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organization endpoints with “widespread” phishing and Distributed Denial of Service (DDoS) attacks.

"Over the past two weeks, TAG has observed activity from a range of threat actors that we regularly monitor and are well-known to law enforcement, including FancyBear and Ghostwriter," Huntley said in the report.

Huntley added that it’s hard to determine whether or not the attacks have anything to do with the situation in Ukraine.

Read more

> Chinese hackers are reportedly now deploying malware on targets in Russia

> Google shares more details on some of the biggest DDoS attacks ever recorded

> Chinese hackers cloned a Windows security flaw stolen from the NSA

Since 2012, Google has been sending out notifications to affected customers, whenever it spots attacks using infrastructure known to be linked to state-sponsored threat actors.

BleepingComputer reminds that Google TAG security engineer Ajax Bash announced the company sent out some 50,000 of these alerts last year. Of that number, almost a third (15,000) were linked to APT28, a threat actor that allegedly has strong ties to Russia’s General Staff Main Intelligence Directorate (GRU).

The last time APT31 made headlines, it was spotted targeting Russian-based organizations with phishing, after which it would distribute never-before-seen malware.

Daniil Koloskov, Senior Threat Analysis Specialist at Positive Technologies observed at the time, that the APT31 was particularly cunning in developing and deploying the malware. Not only did it employ various detection avoiding techniques, but it also self-destructed after accomplishing its goals, wiping all traces of the files and registry keys it created.

“In order to make the malicious library look like the original version, they named it MSVCR100.dll—the library with the exact same name is part of Visual C++ for Microsoft Visual Studio and is present on almost all computers. In addition, it contains as exports the names that can be found in the legitimate MSVCR100.dll,” said Koloskov.

Via: BleepingComputer

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
QR Code
Hackers are targeting Signal with new QR code-linked cyberattack
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
China
Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Russian criminal gang Star Blizzard found hitting WhatsApp accounts
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Brad Pitt looks over his right shoulder with &#039;F1&#039; written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
The Tecknet N5 Laptop Cooling Pad on a pink background at a 3/4 angle.

This laptop cooling pad isn't all that stunning – but my testing shows it offers seriously cool running
See more latest
Most Popular
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with &#039;F1&#039; written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Hasselblad X2D 100C camera in user&#039;s hand, their blue jacket in background
My dream Hasselblad camera is getting a sequel soon, according to new leaks – here are 5 upgrades I’m hoping for
Harry Halpin, CEO and co-founder of Nym Technologies, and Chelsea Manning, Nym Technlogies&#039; security consultant, on stage at the Frontline Club in London during the NymVPN launch on March 13, 2025.
NymVPN is now live – here's everything you need to know
Sony UBP-X700/K shown from the front
Sony launches new version of the best cheap 4K Blu-ray player that drops the streaming tech – but the price looks odd