Hackers abuse Google Command and Control red team tool in attacks
The Chinese state-sponsored hacking group APT41 was found abusing the GC2 red teaming tool in data theft attacks against a Taiwanese media organization and an Italian job search company.
In Google's April 2023 Threat Horizons Report, released last Friday, security researchers in its Threat Analysis Group revealed that APT41 was abusing the GC2 red teaming tool in attacks.
GC2, also known as Google Command and Control, is an open-source project written in Go that was designed for red teaming activities.
Google says the threat actors used the agent to attempt to deploy additional payloads on the device and exfiltrate data to Google Drive, as illustrated in the attack workflow below.
APT41's use of GC2 is another indicator of a trend of threat actors moving to legitimate red teaming tools and RMM platforms as part of their attacks.
Any tool that helps red teamers conduct exercises or admins manage a network remotely can equally be abused by threat actors in their own attacks.