The same Chinese government-linked hackers who targeted both presidential candidates' 2020 campaigns earlier this year have tried to trick users into installing malware by posing as the antivirus provider McAfee and by using otherwise legitimate online services like GitHub and Dropbox.
Shane Huntley, the head of Google's Threat Analysis Group, offered new details about the likely state-sponsored cyberattacker, known as APT 31, and its latest tactics in a company blog post on Friday. In June, Google's security team uncovered high-profile phishing attempts by APT 31 and Iranian government-sponsored hackers intended to hijack the email accounts of campaign staff working for President Donald Trump and Democratic candidate Joe Biden. (All of the phishing attempts appeared to have failed, Google said at the time.)
On Friday, Huntley said that one of the latest APT 31 hacking techniques involved email links that would download malicious code hosted on the open source GitHub platform. The malware was written in the Python programming language and "would allow the attacker to upload, download and arbitrarily execute files and commands" using Dropbox's cloud storage services, he wrote.
"Every malicious part of this attack was hosted on legitimate services, making it more difficult for defenders to rely on network signals for detection," Huntley said.
In another phishing scam, the group impersonated McAfee, a legitimate and popular antivirus software provider, as a facade to quietly slip malicious code onto the target's machine.
"The targets would be prompted to install a legitimate version of McAfee antivirus software from GitHub while malware was being installed on the system unattended."
Google has not indicated which organizations or individuals these latest APT 31 attacks are targeting or whether they involve either of the candidates' political campaigns. The tech giant said only that it had seen "increased attention to the threats posed by APTs in connection with the US elections" and that it had shared these latest findings with the Federal Bureau of Investigation.
"US government agencies have warned of various threat actors, and we have worked closely with those agencies and others in the tech industry to share pointers and information about what we are seeing across the ecosystem," said Huntley.
He added that when Google's anti-phishing protections detect a government-sponsored attack, the company sends the intended victim a warning stating that a foreign government may be targeting them.
Google isn't the only tech giant seeing an increase in cyberattacks around the vote. In September, Microsoft reported that hackers sponsored by the Chinese, Russian and Iranian governments had launched similarly unsuccessful attacks on high-profile people associated with both the Trump and Biden campaigns. Last week the FBI and the US Cybersecurity and Infrastructure Security Agency also published details about campaigns by foreign government-linked hackers to exploit federal, state and local government networks.