Google blocked China-linked APT31’s attacks targeting U.S. Government

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. government.

Google announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S. government.

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages.

APT31 is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after the Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers.

In July 2021, the French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. The state-sponsored hackers were hijacking home routers to set up a proxy mesh of compromised devices to conceal its attack infrastructure.

The cyberespionage group targeted entities in EU, the United States, Canada in previous campaigns. In August 2021, the APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia.

Yesterday, the Google Threat Analysis Group (TAG) researchers revealed to have blocked attacks against hundreds of Ukrainians conducted by Belarus and Russian state-sponsored hackers.

The attacks have been attributed to the Russia-linked FancyBear group (aka APT28) and the Belarus-linked Ghostwriter (aka UNC1151) APT group.

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. The attackers carried out both phishing campaigns and DDoS attacks.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, APT31)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.