A China-based hacking group, APT41, has launched a cyber-espionage campaign against government entities that uses Google Calendar for command-and-control. The campaign relies on sophisticated malware, ToughProgress, whose traffic blends into normal activity because it abuses a legitimate cloud service rather than contacting attacker-owned infrastructure. #APT41 #ToughProgress
Key points
- APT41 is a Chinese state-backed cyber group known for its extensive espionage operations.
- The campaign started with spearphishing emails that linked to malicious ZIP archives hosted on hijacked websites.
- The ToughProgress malware uses modular payloads that run entirely in memory to evade detection.
- The attackers abuse Google Calendar by embedding encrypted data and commands within calendar events.
- Law enforcement agencies have charged Chinese nationals linked to APT41 for various cyber crimes.
Read More: https://therecord.media/china-linked-apt41-exploits-google-calendar-in-cyberattacks