Security News > 2022 > November > Chinese hackers use Google Drive to drop malware on govt networks

State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide.
The Chinese hackers used Google accounts to send their targets email messages with lures that tricked them into downloading custom malware from Google Drive links.
Although the hackers used various malware loading routines, the process typically involved DLL side-loading after the victim launched an executable present in the archives.
The three malware strains used in this campaign are PubLoad, ToneIns, and ToneShell.
From the three custom malware pieces used in the campaign, only PubLoad has been previously documented in a Cisco Talos report from May 2022 describing campaigns against European targets.
The latest campaign shows signs of an improved toolset and capability to expand, which increases the Chinese hackers' ability to collect intelligence and breach targets.
News URL
Related news
- Chinese hackers use custom malware to spy on US telecom networks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)