Google Threat Intelligence uncovered APT41 using Google Calendar as a command-and-control (C2) server to orchestrate malware attacks by embedding encrypted commands within calendar events. Additionally, SentinelOne experienced a global outage caused by a software flaw, highlighting the importance of infrastructure security, while new ransomware disclosure rules were implemented in Australia amidst regulatory debates in the US. #APT41 #SentinelOne
Key points:
- Google's threat team identified APT41 using Google Calendar as a C2 server for malware campaigns, with encrypted commands stored in calendar events.
- The malware, called TOUGHPROGRESS, obfuscates its actions through advanced techniques such as register-based indirect calls and dynamic address arithmetic.
- SentinelOne faced a 7-hour global outage due to a software flaw in its infrastructure control system during a transition to infrastructure-as-code principles.
- The outage was caused by the accidental deletion of network route rules and DNS resolvers, disrupting critical network connectivity.
- Australia implemented new ransomware reporting regulations requiring companies above the $3 million AUD threshold to disclose ransom payments within 72 hours.
- In the US, major banks petitioned to rescind the SEC cybersecurity incident disclosure rule, citing concerns over vagueness and potential harm.
- The debate over cybersecurity regulations continues globally, with Australia's disclosure rules receiving mixed reactions compared to the US pushback.
- YouTube Video: https://www.youtube.com/watch?v=E9CvQ-M12Xg
- YouTube Channel: Hak5
- YouTube Published: Wed, 04 Jun 2025 18:30:26 +0000