Phishing Attack On US Government Linked To Chinese Hackers

Two separate Chinese state-sponsored Advanced Persistent Threat (APT) groups have been observed targeting victims, including US state governments, European diplomatic entities and Gmail accounts linked to the US government.

The first group, APT41, also known as Wicked Panda and Winnti, is believed by researchers at Mandiant to have successfully compromised at least six US state government networks. The APT did so by exploiting vulnerable Internet-facing web applications, including by using zero-day vulnerabilities in Apache Log4j.

Google’s Threat Analysis Group (TAG) alerted multiple Gmail users affiliated with the US government to an attempted phishing attack by a Chinese-backed hacking group, APT31, in February. TAG warned “multiple” people that APT31 (also known as Judgment Panda and Zirconium) was after their sensitive information, and that the phishing attacks were successfully blocked in their email service.

According to TAG, multiple Gmail users affiliated with the US government were alerted to an attempted phishing attack by a Chinese-backed hacking group identified as APT31 in February.

Fortunately for government officials, the attempted attack was unsuccessful as all of the emails containing phishing links were automatically marked as spam and filtered by Gmail. “Today, we sent those people who were targeted government backed attacker warnings,” Shane Huntley, Director of TAG, said on Twitter... “We don’t have any evidence to suggest that this campaign was related to the current war in Ukraine. In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the US government. 100% of these emails were automatically classified as spam and blocked by Gmail.”

The attempted attack was unsuccessful as the emails were automatically marked as spam and filtered by Gmail.

There is no evidence that the hacking campaign was associated with the current war in Ukraine. When government-sponsored hackers attempt to send a malicious email to a Gmail user, the targeted user receives an alert warning them of a potential attack. According to Google, less than 0.1% of account users will experience an attack.

Shane Huntley / Twitter, Silicon Angle, Oodaloop, TechRepublic, Techradar, Newz9, NewsUpateUK
