Google says in a new blog post that hackers affiliated with the Chinese government are trying to infect victims' machines with malware using the antivirus software McAfee. Google also says the hackers appear to be the same group that targeted former Vice President Joe Biden’s presidential campaign with a phishing attack earlier this year. A similar group of hackers based in Iran tried to target President Trump’s campaign, but failed.
The group, which Google calls APT31 (short for Advanced Persistent Threat), emails users links that download a malware loader hosted on GitHub, allowing the attacker to upload and download files and execute commands. Because the group used services such as GitHub and Dropbox to carry out the attacks, it became more difficult to track them.
“Every malicious part of the attack was hosted on legitimate services, making it difficult for defenders to rely on network signals for investigation,” Shane Huntley, head of Google’s Threat Analysis Group, wrote in the blog post.
In the McAfee scam, the email recipient is asked to install a legitimate version of the McAfee software from GitHub, while malware is installed at the same time without the user knowing. Huntley noted that whenever Google detects that a user has been the victim of a government-backed attack, it sends them a warning.
The blog post did not mention who was affected by the recent APT31 attacks, but said, “In the context of the US elections, more attention has been paid to the threats posed by APTs.” Google has shared its findings with the FBI.