Hackers abuse Google Command and Control red team tool in attacks
Security News, April 2023
The Chinese state-sponsored hacking group APT41 was found abusing the GC2 red teaming tool in data theft attacks against a Taiwanese media company and an Italian job search company.
In Google's April 2023 Threat Horizons Report, released last Friday, security researchers in its Threat Analysis Group revealed that APT41 was abusing the GC2 red teaming tool in attacks.
GC2, also known as Google Command and Control, is an open-source project written in Go that was designed for red teaming activities. Its agent takes its tasking from a Google Sheet and moves files through Google Drive, so its command-and-control and exfiltration traffic looks like ordinary Google API usage.
Google says that, using the agent, the threat actors attempted to deploy additional payloads on the device and exfiltrate data to Google Drive (the report illustrates this in an attack workflow diagram, not reproduced here).
APT41's use of GC2 is another indicator of a trend of threat actors moving to legitimate red teaming tools and remote monitoring and management (RMM) platforms as part of their attacks.
Any tool that helps red teamers conduct exercises or lets admins manage a network remotely can equally be abused by threat actors in their own attacks. The practical consequence for defenders is that blocking the destination is rarely an option (few organizations can cut off Google APIs), so detection has to focus on which process is talking to Drive and Sheets, and how much it is uploading.
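The following is an added example, not code from the article or from the GC2 project, showing the kind of process-aware hunt the paragraph above calls for. It runs over constructed endpoint-proxy log lines (fields assumed to be timestamp, host, process, method, URL, bytes) and flags Google Drive uploads and Google Sheets API calls made by processes outside an assumed allow-list of known Google clients. The hosts and paths for the Drive v3 upload endpoint and the Sheets v4 API are real; the allow-list, the log format and the sample lines are assumptions for the example.

```python
"""Heuristic hunt for GC2-style abuse of Google Drive/Sheets from unexpected processes.

Added example (not from the article or the GC2 project). The log format,
the process allow-list and the sample lines below are constructed assumptions.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Google Drive file-content uploads go to www.googleapis.com/upload/drive/v3/files;
# Sheets reads/writes go to sheets.googleapis.com/v4/spreadsheets/<id>/...
DRIVE_HOSTS = {"www.googleapis.com", "content.googleapis.com"}
DRIVE_UPLOAD_PREFIX = "/upload/drive/v3/files"
SHEETS_HOST = "sheets.googleapis.com"
SHEETS_PREFIX = "/v4/spreadsheets/"

# Assumed allow-list: processes that legitimately talk to these APIs on this fleet.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "GoogleDriveFS.exe"}

# Constructed sample proxy log: timestamp host process method url bytes
SAMPLE_LOG = """\
2023-04-14T09:01:02Z host1 chrome.exe GET https://www.googleapis.com/drive/v3/files?q=name 512
2023-04-14T09:02:10Z host1 GoogleDriveFS.exe POST https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart 204800
2023-04-14T09:05:44Z host2 svchost_.exe POST https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart 1048576
2023-04-14T09:06:01Z host2 svchost_.exe POST https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart 2097152
2023-04-14T09:07:30Z host3 update.exe GET https://sheets.googleapis.com/v4/spreadsheets/abc123/values/A1 300
"""


def parse_line(line):
    """Split one whitespace-separated log line into a dict (URL pre-parsed)."""
    ts, host, proc, method, url, nbytes = line.split()
    return {"ts": ts, "host": host, "proc": proc, "method": method,
            "url": urlparse(url), "bytes": int(nbytes)}


def classify(url):
    """Return 'drive_upload', 'sheets', or None for a parsed URL."""
    if url.hostname in DRIVE_HOSTS and url.path.startswith(DRIVE_UPLOAD_PREFIX):
        return "drive_upload"
    if url.hostname == SHEETS_HOST and url.path.startswith(SHEETS_PREFIX):
        return "sheets"
    return None


def hunt(log_text, expected=EXPECTED_PROCESSES):
    """Aggregate Drive uploads and Sheets calls per (host, process) for
    processes that are NOT on the allow-list. Returns a plain dict."""
    stats = defaultdict(lambda: {"drive_upload": 0, "drive_bytes": 0, "sheets": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        kind = classify(ev["url"])
        if kind is None or ev["proc"] in expected:
            continue  # not a Workspace API call, or a known Google client
        key = (ev["host"], ev["proc"])
        if kind == "drive_upload":
            stats[key]["drive_upload"] += 1
            stats[key]["drive_bytes"] += ev["bytes"]
        else:
            stats[key]["sheets"] += 1
    return dict(stats)


def findings(log_text):
    """Human-readable, sorted summary lines for a triage queue."""
    return sorted(
        f"{host} {proc}: {s['drive_upload']} Drive upload(s), "
        f"{s['drive_bytes']} bytes, {s['sheets']} Sheets call(s)"
        for (host, proc), s in hunt(log_text).items()
    )


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```

The point of keying on the process rather than the destination is that the Drive and Sheets endpoints are identical for the browser, the Drive sync client and a GC2 agent; only the originating binary and the upload volume separate them. On a real fleet the allow-list would come from software inventory, and the byte threshold would be tuned per role.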