Phishing Attack On US Government Linked To Chinese Hackers

Uploaded on 2022-03-22 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Two separate Chinese state-sponsored Advanced Persistent Threat (APT) groups have been observed targeting victims, including US state governments, European diplomatic entities and Gmail accounts linked to the US government.

The first group, APT41, also known as Wicked Panda and Winti, is believed by researchers at Mandiant  to have successfully compromised at least six US state government networks. The APT did so by exploiting vulnerable Internet-facing web applications, including using zero-day  vulnerabilities in Apache Log4j.

Google’s Threat Analysis Group (TAG) alerted multiple Gmail users affiliated with the US government of an attempted phishing attack by a Chinese-backed hacking group, APT31, in February.  TAG warned “multiple” people that APT31 (also known as Judgment Panda and Zirconium) was after their sensitive information, and that the phishing attacks were successfully blocked in their email service.

According to TAG multiple Gmail users affiliated with the US government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.

Fortunately for government officials, the attempted attack was unsuccessful as all of the emails containing phishing links were automatically marked as spam and filtered by Gmail. “Today, we sent those people who were targeted government backed attacker warnings,” Shane Huntley, Director of TAG said on Twitter... We don’t have any evidence to suggest that this campaign was related to the current war in Ukraine. In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the US government. 100% of these emails were automatically classified as spam and blocked by Gmail.”

The attempted attack was unsuccessful as the emails were automatically marked as spam and filtered by Gmail.

There is no evidence that the hacking campaign was associated with the current war in Ukraine. When government sponsored hackers attempt to send a malicious email in Gmail, an alert warning them of a potential attack will be received. According to Google, less than 0.1% of account users will experience an attack.

Shane Huntley / Twitter:   Silicon Angle:      Oodaloop:   TechRepublic:     Techradar:   Newz9:    NewsUpateUK

You Might Also Read: 

China’s Dirty Secret - Intellectual Property Theft:

 

« Ukraine's 'IT Army' Risks Being Hijacked By Malware
Facebook Allows Calls for Violence Against Russian Leaders »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Tufin

Tufin

Tufin enables organizations to automate their security policy visibility, risk management, provisioning and compliance across their multi-vendor, hybrid environment.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

SOFTwarfare

SOFTwarfare

SOFTwarfare deliver high-quality, reliable and secure enterprise application integrations through RESTful APIs for Cyber, Ops & Dev.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.

Softanics

Softanics

Softanics’ ArmDot protects .NET apps with advanced obfuscation, control flow protection, and virtualization, securing code against reverse engineering without requiring agents or environment changes.

DRT Cyber

DRT Cyber

DRT Cyber deploys technology solutions to support the functions of cybersecurity, privacy, and risk management.