Security News > 2022 > November > Chinese hackers use Google Drive to drop malware on govt networks
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide.
The Chinese hackers used Google accounts to send their targets email messages with lures that tricked them into downloading custom malware from Google Drive links.
Although the hackers used various malware loading routines, the process typically involved DLL side-loading after the victim launched an executable present in the archives.
The three malware strains used in this campaign are PubLoad, ToneIns, and ToneShell.
From the three custom malware pieces used in the campaign, only PubLoad has been previously documented in a Cisco Talos report from May 2022 describing campaigns against European targets.
The latest campaign shows signs of an improved toolset and capability to expand, which increases the Chinese hackers' ability to collect intelligence and breach targets.
News URL
Related news
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm (source)
- Fake OnlyFans cybercrime tool infects hackers with malware (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers linked to cybercrime syndicate arrested in Singapore (source)
- Malware locks browser in kiosk mode to steal Google credentials (source)