Google exposed Chinese state-backed APT41 using TOUGHPROGRESS malware to exploit Google Calendar for C2. This group hid commands in calendar events, targeting government entities. Google shut down the malicious ops. #CyberAttack #APT41 #ThreatIntel
Newsletter 368, from TikTok trap to Russian espionage: this week's digital threats revealed
Cybercrimeinfo newsletter: https://www.ccinfo.nl/menu-nieuws-trends/nieuwsbrief-archief/nieuwsbrief-berichten/2538810_nieuwsbrief-368-van-tiktok-valstrik-tot-russische-spionage-de-digitale-dreigingen-van-deze-week-onthuld
Podcast Spotify: https://open.spotify.com/episode/6eB0sS0kLv67X9Ozezt9dh?si=c129cf1d63f84f51
Podcast Youtube: https://youtu.be/4VbVxFCiuaU?si=EMQ1sMpGE4uLmtN1
#Cybercrime #Cyberdreiging #TikTokMalware #APT41 #LaundryBear #Spionage #Darkweb #Phishing #DigitaleVeiligheid #Cybercrimeinfo #Cybersecurity #Infostealer #GoogleCalendarHack #Ransomware #Cyberaanval #Hackers #Malware #Digiweerbaar #Cyberwar
✨ APT41 and Google Calendar: The New Channel for C2!
📝 Discover how the APT41 group is innovating its command-and-control tactics by exploiting Google Calendar events. This cunning approach can affect the cybersecurity of many organizations. Don't miss out on the trends! Click to better understand this emerging threat and how to protect yourself!
#SegurançaCibernética #APT41 #Ciber...
https://inkdesign.com.br/apt41-utiliza-eventos-do-google-calendar-para-c2/?fsp_sid=45229
APT41 and the abuse of Google Calendar: a new way of carrying out cyber attacks
Cybercrimeinfo article: https://www.ccinfo.nl/menu-onderwijs-ontwikkeling/cybercrime/2534024_apt41-en-het-misbruik-van-google-calendar-een-nieuwe-manier-van-cyberaanvallen
Podcast Spotify: https://open.spotify.com/episode/03l4nNcNixHx48RMGcJWr7?si=ySlbYv2kTt-rnHKNH5ZGxA
Podcast Youtube: https://youtu.be/h2ECy7-bKM8?si=lfaODP-d4IN4f65s
#APT41 #GoogleCalendar #cyberaanvallen #cyberdreigingen #cyberbeveiliging #cloudsecurity #phishing #MFA #TOUGHPROGRESS #C2communicatie #socialemanipulatie #digitaleveiligheid #cybercriminaliteit #APT41aanval
Detect #APT41 attacks abusing Google Calendar to drop TOUGHPROGRESS malware using a set of Sigma rules in the SOC Prime Platform.
https://socprime.com/blog/detect-apt41-attacks-abusing-google-calendar/?utm_source=mastodon&utm_medium=social&utm_campaign=latest-threats&utm_content=blog-post
📅 APT41 is now using Google Calendar for stealthy C2 ops via new malware “TOUGHPROGRESS.” Spear-phishing + cloud abuse = next-gen espionage. Legit tools, malicious intent 🕵️‍♂️💻 #CloudAbuse #APT41
https://www.darkreading.com/threat-intelligence/apt41-uses-google-calendar-events-c2
#China-linked #APT41 used #Google #Calendar as C2 to control its TOUGHPROGRESS malware
https://securityaffairs.com/178424/apt/china-linked-apt41-used-google-calendar-as-c2-to-control-its-toughprogress-malware.html
#securityaffairs #hacking #malware
APT41 is using Google Calendar as a secret command center—hiding malicious orders in plain sight. How far will cybercriminals go with the everyday tools we trust? Learn the full story behind this stealthy trick.
https://thedefendopsdiaries.com/apt41s-innovative-use-of-google-calendar-for-cyber-espionage/
Brass Typhoon: The #Chinese #Hacking Group Lurking in the Shadows
Though less well-known than groups like #VoltTyphoon and #SaltTyphoon, #BrassTyphoon, or #APT41, is an infamous, longtime #espionage actor that foreshadowed recent telecom #hacks.
#security #China
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html
#Infosec #Security #Cybersecurity #CeptBiro #Winnti #APT41 #JapaneseFirms #RevivalStone #CyberEspionageCampaign
📢 New! Threat Intelligence Reports from ANYRUN
Discover detailed research on active cyber threats and #APTs with actionable insights, #IOCs, & #TTPs
Enrich proactive security, report on #APT41 inside ⬇️
https://any.run/cybersecurity-blog/threat-intelligence-reports/?utm_source=mastodon&utm_medium=post&utm_campaign=ti_reports&utm_content=linktoblog&utm_term=130225
☠️ Evasive #APTs can be hard to identify
TI Lookup solves this with critical context for attack indicators and intel to help prevent future attacks
See how with #APT41 & #MuddyWater examples ⬇️
https://any.run/cybersecurity-blog/track-advanced-persistent-threats/?utm_source=mastodon&utm_medium=post&utm_campaign=track_apt&utm_content=linktoblog&utm_term=120225
quote:
This intrusion into the office of the president of the #菲律賓 (Philippines) was launched by #APT41, a hacking group affiliated with the #中國 (Chinese) government, as part of an espionage campaign against multiple Philippine government agency offices, hospital networks and other organizations; most of the attacks were launched between early 2023 and June 2024.
Chinese hackers breach Philippine presidential office, steal sensitive military documents
https://news.ltn.com.tw/news/world/breakingnews/4916578
Chinese Winnti (#APT41) hacking group is using a new #PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals.
#CyberAttacks #cybercrime
https://www.bleepingcomputer.com/news/security/winnti-hackers-target-other-threat-actors-with-new-glutton-php-backdoor/
A new DISCARDED podcast episode is here 🚨
Listen in to hear APT research expert Mark Kelly share his insight on the #cybercrime and state-sponsored espionage of #TA415 (AKA #APT41 #BrassTyphoon).
Chinese hacker group APT41 expands surveillance capabilities with new malware toolkit https://www.trendingtech.news/trending-news/2024/11/47727/chinese-hackergroep-apt41-breidt-surveillancecapaciteiten-uit-met-nieuw-malware-toolkit #APT41 #DeepData Framework #cyber-espionage #Zuid-Azië #malware toolkit #Trending #News #Nieuws
In August 2024, Proofpoint published research highlighting an unusual, suspected espionage campaign targeting dozens of organizations worldwide to deliver a custom malware family named “Voldemort”.
Proofpoint analysts now attribute this campaign to the China-aligned threat group #TA415 (also known as #APT41 and #BrassTyphoon).
This attribution is based on multiple newly identified high confidence links between the campaign distributing Voldemort and known TA415-attributed infrastructure, including overlaps with activity publicly reported by Mandiant in July 2024: https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust.
Furthermore, in late August 2024, Proofpoint identified a targeted campaign featuring an almost identical attack chain to deliver the Voldemort backdoor. This activity spoofed a Taiwanese aerospace industry association and repeatedly targeted fewer than five aerospace companies in the US and Taiwan, aligning with more typical targeting associated with TA415 and other China-aligned actors.
The screenshot below shows a machine translated version of a phishing email associated with this campaign (originally written in Traditional Chinese).
In this campaign, TA415 began using Google AMP Cache URLs that redirected to password protected 7-Zip files hosted on OpenDrive. These archives contained malicious Microsoft Shortcut (LNK) files that attempted to download a Python script hosted on paste[.]ee. This activity continued into late September 2024 and also targeted a small number of organizations in the chemicals, insurance, and manufacturing industries.
The initial widespread #TA415 campaign distributing Voldemort remains unusual due to its widespread targeting and techniques more commonly observed in cybercrime activity.
While this volume of targeting from an APT actor is uncommon, it is not unheard of, as Proofpoint observed similar high volume targeting by the Russia state-aligned threat actor #TA422 in 2023: https://ow.ly/BJuW50TQSt0.
⬇️⬇️⬇️
Read our recent blog to learn more about the TA415 Voldemort campaign: https://ow.ly/8Cka50TQSv1.
#APT41, a Chinese nation-state actor, has launched a sophisticated cyber attack against the gaming industry, stealthily gathering critical data like user passwords and network configurations over six months.
https://thehackernews.com/2024/10/chinese-nation-state-hackers-apt41-hit.html