Pierluigi Paganini
March 09, 2022
Google announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S. government.
The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages.
Update on recent batch of Google TAG Government Backed Attack Warnings:
— Shane Huntley (@ShaneHuntley) March 8, 2022
In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government. 100% of these emails were automatically classified as spam and blocked by Gmail.
APT31 is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after the Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers.
In July 2021, the French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. The state-sponsored hackers were hijacking home routers to set up a proxy mesh of compromised devices to conceal its attack infrastructure.
The cyberespionage group targeted entities in EU, the United States, Canada in previous campaigns. In August 2021, the APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia.
Yesterday, the Google Threat Analysis Group (TAG) researchers revealed to have blocked attacks against hundreds of Ukrainians conducted by Belarus and Russian state-sponsored hackers.
The attacks have been attributed to the Russia-linked FancyBear group (aka APT28) and the Belarus-linked Ghostwriter (aka UNC1151) APT group.
Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. The attackers carried out both phishing campaigns and DDoS attacks.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, APT31)
[adrotate banner=”5″]
[adrotate banner=”13″]
