Google’s Threat Analysis Group (TAG) warned several Gmail users that they had been targeted in phishing campaigns conducted by a Chinese hacking group. The warnings came after Gmail’s defenses automatically blocked the emails. The attacks were launched by the notorious APT31 and targeted high-profile Gmail users affiliated with the U.S. government. However, the TAG team didn’t find any connection between the attacks and the ongoing war in Ukraine. Google sends alerts about government-backed attacks when they are launched via infrastructure associated with government-sponsored threat actors.
The team further stated that Belarusian, Russian, and Chinese adversaries targeted European and Ukrainian government and military organizations. A variety of threat actors, including Ghostwriter and Fancy Bear, have also been observed launching phishing campaigns and DDoS attacks. Another Chinese-backed hacking group, Mustang Panda, shifted to phishing attacks against European entities, using lures related to Russia’s invasion of Ukraine. The Chinese-sponsored APT41 breached at least six U.S. state government networks between May 2021 and February 2022 by exploiting vulnerable internet-facing web apps. Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) and researchers at Symantec found a network attack tool targeting sufficiently secured networks. Dubbed Daxin, the malware is allegedly associated with Chinese threat actors and has been active since at least 2013.