Chinese APT41 Exploits Google Calendar for Malware Command-and-Control Operations

Google disclosed that the Chinese state-sponsored group APT41 used malware called TOUGHPROGRESS, which leverages Google Calendar for command-and-control operations. The campaign targeted multiple government entities and involved sophisticated evasion techniques, with Google taking measures to neutralize the threat. #APT41 #TOUGHPROGRESS

Key points

  • APT41 used a malware called TOUGHPROGRESS that exploits Google Calendar for command and control.
  • The malware was hosted on a compromised government website and targeted multiple governments.
  • The attack involved spear-phishing emails with ZIP archives disguised as PDFs containing malicious LNK files.
  • The malware deploys multiple components, including DLLs and process hollowing, for stealth and evasion.
  • Google responded by removing malicious Calendar entries and related Workspace projects, mitigating the campaign.

Read More: https://thehackernews.com/2025/05/chinese-apt41-exploits-google-calendar.html