Phishing Attack On US Government Linked To Chinese Hackers
Two separate Chinese state-sponsored Advanced Persistent Threat (APT) groups have been observed targeting victims, including US state governments, European diplomatic entities and Gmail accounts linked to the US government.
The first group, APT41, also known as Wicked Panda and Winnti, is believed by researchers at Mandiant to have successfully compromised at least six US state government networks. The APT did so by exploiting vulnerable Internet-facing web applications, including by using zero-day vulnerabilities in Apache Log4j.
Google’s Threat Analysis Group (TAG) alerted multiple Gmail users affiliated with the US government to an attempted phishing attack by a Chinese-backed hacking group, APT31, in February. TAG warned “multiple” people that APT31 (also known as Judgment Panda and Zirconium) was after their sensitive information, and that the phishing attacks were successfully blocked in their email service.
According to TAG, multiple Gmail users affiliated with the US government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.
Fortunately for government officials, the attempted attack was unsuccessful as all of the emails containing phishing links were automatically marked as spam and filtered by Gmail. “Today, we sent those people who were targeted government-backed attacker warnings,” Shane Huntley, Director of TAG, said on Twitter. “We don’t have any evidence to suggest that this campaign was related to the current war in Ukraine. In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the US government. 100% of these emails were automatically classified as spam and blocked by Gmail.”
The attempted attack was unsuccessful as the emails were automatically marked as spam and filtered by Gmail.
There is no evidence that the hacking campaign was associated with the current war in Ukraine. When government-sponsored hackers attempt to send a malicious email to a Gmail user, that user receives an alert warning of a potential attack. According to Google, less than 0.1% of account users will experience an attack.
Shane Huntley / Twitter: Silicon Angle: Oodaloop: TechRepublic: Techradar: Newz9: NewsUpateUK: