Google’s Threat Analysis Group (TAG) warned several Gmail users that they had been targeted in phishing campaigns conducted by a Chinese hacking group. The warnings came after Gmail’s defenses automatically blocked the emails. The attacks were launched by the notorious APT31 and targeted high-profile Gmail users affiliated with the U.S. government. However, the TAG team didn’t find any connection between the attacks and the ongoing war. Google sends alerts on government-backed attacks when they are launched via infrastructure associated with government-sponsored threat actors.
The team also stated that Belarusian, Russian, and Chinese adversaries targeted European and Ukrainian government and military organizations. A variety of threat actors, including Ghostwriter and FancyBear, have also been observed launching phishing campaigns and DDoS attacks. Another Chinese-backed hacking group, Mustang Panda, shifted to phishing attacks against European entities, using lures related to Russia’s invasion of Ukraine. The Chinese-sponsored APT41 breached at least six U.S. state government networks between May 2021 and February 2022 by exploiting vulnerable internet-facing web apps. Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) and researchers at Symantec found a network attack tool targeting sufficiently secured networks. Dubbed Daxin, the malware is allegedly associated with Chinese threat actors and has been active since at least 2013.
To counter these attempted attacks, businesses are advised to stay vigilant in their IT protocols and train their employees to recognize phishing emails. Furthermore, a robust security awareness training program is a necessity. One of the necessary steps to upgrade an organization’s cybersecurity posture is implementing state-of-the-art layered security solutions.