The same Chinese-linked hackers who allegedly targeted the campaigns of both 2020 candidates this year are now trying to trick users into installing malware by posing as McAfee, a popular antivirus provider. According to an article by Gizmodo, the hackers allegedly used otherwise legitimate services such as Dropbox and GitHub.
Shane Huntley, head of Google's Threat Analysis Group, offered new details about the suspected state-sponsored attackers widely known as APT 31. The latest tactics were published in a post on Google's blog.
How did Google catch the 'China hackers'?
Google's security team has uncovered high-profile phishing scams carried out by APT 31 as well as by Iranian state-sponsored hackers, which tried to hijack the emails of campaign staffers as well as both candidates.
On Friday, Huntley also stated that one of APT 31's hacking tricks involves emailing links that download malicious code hosted on an open-source platform such as GitHub.
The malware was built in Python and is said to let the attackers upload and download files and execute arbitrary commands through Dropbox's cloud storage service.
The 'China hackers' allegedly used legitimate services to hide the malicious code
According to Huntley, every malicious piece of the attack was hosted on legitimate services, which makes it harder for defenders to rely on network signals for detection.
In another phishing scam, the group impersonated McAfee, a legitimate and very popular antivirus software provider, as a facade to quietly slip malicious code onto the target's device.
The attacks have been going on for quite a while
Google did not, however, specify which organizations or individuals were targeted in the latest APT 31 attacks. The tech giant stated that it had seen an increase in attention on the threats posed by APTs in the US election. The information was then shared with the Federal Bureau of Investigation (FBI).
It was also stated that Google's anti-phishing safeguards detect this kind of government-backed attack. The company then sends the intended victim a warning that a foreign government could be targeting them.
Google is not the only tech giant that has seen an increase in cyberattacks ahead of the election. Back in September, Microsoft reported that Russian, Chinese, and Iranian government-backed hackers had launched similarly unsuccessful attacks on high-profile individuals.
This article is owned by Tech Times
Written by Urian Buenconsejo