Chinese hackers have turned Google's ethical hacking tool into a genuine security threat
By Mobile Malls, April 18, 2023

Cybercriminals have added another reputable tool to their arsenal, security researchers are warning; this time it is a leading open source project from Google that is being abused.

Cybersecurity researchers from Google's Threat Analysis Group (TAG) recently revealed that the Chinese state-sponsored threat actor known as APT41 is using the Google Command and Control (GC2) red teaming tool in its attacks on organizations around the world.

TAG regularly investigates state-sponsored actors, and APT41 is a known threat actor which we've been reporting on for the past three years. Apparently, it has been active since 2014, and in that time different cybersecurity research groups have given it different names: HOODOO, BARIUM, Winnti, BlackFly, and others.

China strikes again

GC2 is Google's open source project designed for red teaming activities. Red teaming refers to the practice of challenging plans and strategies the way a threat actor would. By red teaming their strategies, organizations can work past cognitive errors such as confirmation bias, which can otherwise leave gaping holes in their cybersecurity defenses.
"This program has been developed in order to provide a command and control that does not require any particular set up (like: a custom domain, VPS, CDN, ...) during Red Teaming activities," the GC2 GitHub repository says. "Furthermore, the program will interact only with Google's domains (*.google.com) to make detection harder."

As per TAG, APT41 used GC2 in phishing attacks against two targets, one of which is a media company in Taiwan.

"In October 2022, Google's Threat Analysis Group (TAG) disrupted a campaign from HOODOO, a Chinese government-backed attacker also known as APT41, that targeted a Taiwanese media organization by sending phishing emails that contained links to a password protected file hosted in Drive," the company's report states. "The payload was an open source red teaming tool called 'Google Command and Control' (GC2)."

The second target was a job search website in Italy. The researchers say APT41 tried to use the tool to deploy additional malware to targeted endpoints, without detailing which malware, exactly.

Via: BleepingComputer
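The design point in the GC2 README quoted above is that command-and-control traffic which goes only to *.google.com blends into normal egress, so blocking by destination is not an option. What a defender can still look at is which process is talking to Google and how regularly. The script below is an added example written for this article; it is not code from Google, TAG or the GC2 project. It assumes a constructed endpoint egress record format ("timestamp host process-image destination"), a small assumed allowlist of process names expected to talk to Google services, and a generic beaconing heuristic (regular inter-connection intervals from a non-allowlisted process); none of these are taken from the page or from GC2's actual behaviour.

```python
"""Flag non-browser processes that contact *.google.com on a machine-regular cadence."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import NamedTuple

# Matches google.com and any subdomain of it; "notgoogle.com" does not match.
GOOGLE_HOST = re.compile(r"(^|\.)google\.com$", re.IGNORECASE)

# ASSUMED allowlist of process image names expected to reach Google services.
# A real deployment derives this from a fleet baseline rather than hard-coding it.
EXPECTED_GOOGLE_CLIENTS = {
    "chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe", "googleupdate.exe",
}

MIN_EVENTS = 4   # need enough connections to judge a cadence
MAX_CV = 0.2     # coefficient of variation below which intervals look scheduled

# CONSTRUCTED sample egress records, not real telemetry:
# "<ISO timestamp> <host> <process image path> <destination host>"
SAMPLE_LOG = r"""
2022-10-03T09:00:00 ws01 C:\Program Files\Google\Chrome\Application\chrome.exe mail.google.com
2022-10-03T09:00:05 ws01 C:\Program Files\Google\Chrome\Application\chrome.exe drive.google.com
2022-10-03T09:00:47 ws01 C:\Program Files\Google\Chrome\Application\chrome.exe www.google.com
2022-10-03T09:01:00 ws01 C:\Users\alice\AppData\Local\Temp\update.exe docs.google.com
2022-10-03T09:01:30 ws01 C:\Users\alice\AppData\Local\Temp\update.exe update.example.com
2022-10-03T09:02:00 ws01 C:\Users\alice\AppData\Local\Temp\update.exe docs.google.com
2022-10-03T09:02:10 ws01 C:\Program Files\Google\Chrome\Application\chrome.exe drive.google.com
2022-10-03T09:03:00 ws01 C:\Users\alice\AppData\Local\Temp\update.exe docs.google.com
2022-10-03T09:04:00 ws01 C:\Users\alice\AppData\Local\Temp\update.exe docs.google.com
2022-10-03T09:05:00 ws01 C:\Users\alice\AppData\Local\Temp\update.exe docs.google.com
2022-10-03T09:06:00 ws02 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe drive.google.com
2022-10-03T09:07:00 ws02 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe drive.google.com
"""


class Finding(NamedTuple):
    host: str
    process: str
    destinations: tuple
    events: int
    mean_interval_s: float


def parse_line(line):
    """Split one record; the image path may contain spaces, the destination never does."""
    ts, host, rest = line.split(" ", 2)
    image, dest = rest.rsplit(" ", 1)
    return datetime.fromisoformat(ts), host, image, dest


def image_basename(image):
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_suspicious_google_beacons(log_text, allowlist=EXPECTED_GOOGLE_CLIENTS):
    """Return Findings for non-allowlisted processes beaconing to *.google.com."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, image, dest = parse_line(line)
        if not GOOGLE_HOST.search(dest):
            continue  # only Google-bound traffic is of interest here
        groups[(host, image)].append((ts, dest))

    findings = []
    for (host, image), events in groups.items():
        if image_basename(image) in allowlist or len(events) < MIN_EVENTS:
            continue
        events.sort()
        intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        if pstdev(intervals) / avg <= MAX_CV:  # near-constant spacing: scheduled, not human
            findings.append(Finding(
                host, image, tuple(sorted({d for _, d in events})), len(events), avg))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_google_beacons(SAMPLE_LOG):
        print(f"{f.host}: {f.process} -> {', '.join(f.destinations)} "
              f"({f.events} connections, every {f.mean_interval_s:.0f}s)")
```

On the constructed sample only the Temp-directory update.exe on ws01 is reported: Chrome is allowlisted, and the two PowerShell connections on ws02 are too few to judge. The allowlist and the 20% cadence tolerance are the parameters to tune; the point is that when an implant confines itself to trusted domains, the process identity and the timing are the signals left to the defender.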