Phishing Attack On US Government Linked To Chinese Hackers

Uploaded on 2022-03-22 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

Two separate Chinese state-sponsored Advanced Persistent Threat (APT) groups have been observed targeting victims, including US state governments, European diplomatic entities and Gmail accounts linked to the US government.

The first group, APT41, also known as Wicked Panda and Winti, is believed by researchers at Mandiant  to have successfully compromised at least six US state government networks. The APT did so by exploiting vulnerable Internet-facing web applications, including using zero-day  vulnerabilities in Apache Log4j.

Google’s Threat Analysis Group (TAG) alerted multiple Gmail users affiliated with the US government of an attempted phishing attack by a Chinese-backed hacking group, APT31, in February.  TAG warned “multiple” people that APT31 (also known as Judgment Panda and Zirconium) was after their sensitive information, and that the phishing attacks were successfully blocked in their email service.

According to TAG multiple Gmail users affiliated with the US government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.

Fortunately for government officials, the attempted attack was unsuccessful as all of the emails containing phishing links were automatically marked as spam and filtered by Gmail. “Today, we sent those people who were targeted government backed attacker warnings,” Shane Huntley, Director of TAG said on Twitter... We don’t have any evidence to suggest that this campaign was related to the current war in Ukraine. In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the US government. 100% of these emails were automatically classified as spam and blocked by Gmail.”

The attempted attack was unsuccessful as the emails were automatically marked as spam and filtered by Gmail.

There is no evidence that the hacking campaign was associated with the current war in Ukraine. When government sponsored hackers attempt to send a malicious email in Gmail, an alert warning them of a potential attack will be received. According to Google, less than 0.1% of account users will experience an attack.

Shane Huntley / Twitter:   Silicon Angle:      Oodaloop:   TechRepublic:     Techradar:   Newz9:    NewsUpateUK

You Might Also Read: 

China’s Dirty Secret - Intellectual Property Theft:

 

« Ukraine's 'IT Army' Risks Being Hijacked By Malware
Facebook Allows Calls for Violence Against Russian Leaders »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

4ARMED

4ARMED

4ARMED specializes in penetration testing, information security consultancy and security training

UpGuard

UpGuard

UpGuard's discovery engine brings visibility to complex IT environments, enabling teams to identify risk, confirm compliance and make business safer.

StationX

StationX

StationX is a leading provider of cyber security training, consultancy and services.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

ReSec Technologies

ReSec Technologies

ReSec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Calypso AI

Calypso AI

Calypso AI build software products that solve complex AI risks for national security and highly-regulated industries.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Herzing College

Herzing College

Herzing College Ottawa offers an accelerated 12-month Cybersecurity Specialist training program. This program is developed by industry experts and based on leading IT security certifications.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.