Sun, 18 Oct 2020 08:52:42
Google said in a new blog post that hackers linked to the Chinese government had impersonated the antivirus software McAfee to try to infect victims’ machines with malware. Google says the hackers appear to be the same group that unsuccessfully targeted former Vice President Joe Biden’s presidential campaign with a phishing attack earlier this year. A similar group of hackers based in Iran has tried to target President Trump’s campaign but has had no success either.
The group, which Google refers to as APT 31 (APT is short for Advanced Persistent Threat), would email users links that downloaded malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Because the group used services like GitHub and Dropbox to carry out the attacks, they were more difficult to track.
“Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” Shane Huntley, the head of Google’s Threat Analysis Group, wrote in the blog post.
In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub, while at the same time malware was installed without the user being aware. Huntley noted that whenever Google detects that a user has been the victim of a government-backed attack, it sends them a warning.
The blog post doesn’t mention who was affected by APT 31’s latest attacks, but said there had been “increased attention on the threats posed by APTs in the context of the U.S. election.” Google shared its findings with the FBI.