Google says Chinese hackers are targeting US government Gmail accounts

Phishing
(Image credit: Shutterstock)

Google has warned “high profile” Gmail users working for the US Government that they are potentially being targeted by Chinese state-sponsored threat actors with a phishing attack.

Google’s Threat Analysis Group (TAG) warned “multiple” people that APT31 (also known as Judgment Panda and Zirconium) was after their sensitive information, and that the phishing attacks were successfully blocked in their email services.

"In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley noted.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Not linked to Ukraine

"Today, we sent those people who were targeted, government-backed attacker warnings. We don't have any evidence to suggest that this campaign was related to the current war in Ukraine."

Earlier this week, TAG also warned of Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organization endpoints with “widespread” phishing and Distributed Denial of Service (DDoS) attacks.

"Over the past two weeks, TAG has observed activity from a range of threat actors that we regularly monitor and are well-known to law enforcement, including FancyBear and Ghostwriter," Huntley said in the report.

Huntley added that it’s hard to determine whether or not the attacks have anything to do with the situation in Ukraine.

Since 2012, Google has been sending out notifications to affected customers, whenever it spots attacks using infrastructure known to be linked to state-sponsored threat actors.

BleepingComputer reminds that Google TAG security engineer Ajax Bash announced the company sent out some 50,000 of these alerts last year. Of that number, almost a third (15,000) were linked to APT28, a threat actor that allegedly has strong ties to Russia’s General Staff Main Intelligence Directorate (GRU).

The last time APT31 made headlines, it was spotted targeting Russian-based organizations with phishing, after which it would distribute never-before-seen malware.

Daniil Koloskov, Senior Threat Analysis Specialist at Positive Technologies observed at the time, that the APT31 was particularly cunning in developing and deploying the malware. Not only did it employ various detection avoiding techniques, but it also self-destructed after accomplishing its goals, wiping all traces of the files and registry keys it created.

“In order to make the malicious library look like the original version, they named it MSVCR100.dll—the library with the exact same name is part of Visual C++ for Microsoft Visual Studio and is present on almost all computers. In addition, it contains as exports the names that can be found in the legitimate MSVCR100.dll,” said Koloskov.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
QR Code
Hackers are targeting Signal with new QR code-linked cyberattack
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
China
Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Russian criminal gang Star Blizzard found hitting WhatsApp accounts
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Brad Pitt looks over his right shoulder with &#039;F1&#039; written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats