APT41 Uses Open Source GC2 Tool to Target Media and Job Sites Google Reveals
In the context of greater misuse of Google's infrastructure for harmful purposes, a Chinese nation-state group targeted an unknown Taiwanese media outlet to deliver the open-source red teaming tool known as Google Command and Control (GC2).
The IT giant's Threat Analysis Group (TAG) identified the threat actor as HOODOO, also known as APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti, which it tracks under the geological and geographically themed appellation HOODOO.
The assault begins with a phishing email that links to a password-protected file on Google Drive. This password-protected file then uses the Go-based GC2 tool to read commands from Google Sheets and exfiltrate data read more APT41 Uses Open Source GC2 Tool to Target Media and Job Sites Google Reveals.
With ReconBe...