Security News > 2022 > November > Chinese hackers use Google Drive to drop malware on govt networks
State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide.
The Chinese hackers used Google accounts to send their targets email messages with lures that tricked them into downloading custom malware from Google Drive links.
Although the hackers used various malware loading routines, the process typically involved DLL side-loading after the victim launched an executable present in the archives.
The three malware strains used in this campaign are PubLoad, ToneIns, and ToneShell.
From the three custom malware pieces used in the campaign, only PubLoad has been previously documented in a Cisco Talos report from May 2022 describing campaigns against European targets.
The latest campaign shows signs of an improved toolset and capability to expand, which increases the Chinese hackers' ability to collect intelligence and breach targets.
News URL
Related news
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- White House links ninth telecom breach to Chinese hackers (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- Chinese hackers also breached Charter and Windstream networks (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)