Google revealed that APT41, a Chinese state-sponsored threat actor, used malware called TOUGHPROGRESS that relied on Google Calendar for command-and-control. Discovered in late October 2024, the malware was hosted on a compromised government website and targeted various government entities. The group, known for its cyber operations against multiple industry verticals worldwide, has previously employed other techniques against entities in several countries. The recent campaign used spear-phishing emails linking to a malicious ZIP file, which led to infection through decoy documents.
Misuse of cloud services for C2 is a technique that many threat actors leverage in order to blend in with legitimate activity.
APT41 is a prolific nation-state group known for its targeting of governments and organizations within the global shipping and logistics, media and entertainment, technology, and automotive sectors.