China Hack Report: Daily US Tech Defense

Busted! China Caught Red-Handed Hacking Google Calendar for Espionage



This is your China Hack Report: Daily US Tech Defense podcast.

"Hey folks, Ting here with your Thursday, May 29th breakdown of China's latest cyber shenanigans. And wow, do we have some juicy tech drama to unpack today!

Just this morning, researchers caught APT41 – that's China's Ministry of State Security-linked hacking group also known as Wicked Panda or Winnti – exploiting Google Calendar of all things! They've been using it as a command and control channel in a sophisticated espionage campaign targeting government entities. Pretty clever, right? Using our everyday productivity tools to blend in with legitimate traffic. Google's Threat Intelligence Group discovered this after finding an exploited government website hosting malware they've dubbed TOUGHPROGRESS.

Google's Patrick Whitsell confirmed they've developed custom fingerprints to identify and take down the attacker-controlled calendars. They've also terminated the Workspace projects the hackers were using, effectively dismantling APT41's infrastructure. If you're in government IT, you'll want to check your Google Workspace logs ASAP.

Meanwhile, the Czech Republic just attributed a 2022 cyberattack to another Chinese group – APT31. This comes on the heels of Department of Justice indictments back in March against seven hackers associated with this group for widespread espionage targeting U.S. interests.

Remember Volt Typhoon? That massive campaign against U.S. critical infrastructure? Well, it turns out Chinese officials secretly admitted to conducting those attacks during a Geneva summit last December. According to The Wall Street Journal, the admission came during meetings with the outgoing Biden administration. The kicker? American officials believe these attacks were meant as a warning to the U.S. about supporting Taiwan. Volt Typhoon actors managed to dwell in the U.S. electric grid for 300 days in 2023 – that's almost a full year of undetected access!

And speaking of Taiwan, they're currently bearing the brunt of China's cyber offensive with government networks facing a staggering 2.4 million cyberattacks daily throughout 2024.

The U.S. Treasury Department hasn't escaped Beijing's attention either. Back in December, they suffered a state-sponsored attack targeting the Office of Foreign Assets Control and the Office of the Treasury Secretary – both of which had administered sanctions against Chinese companies.

For immediate defense, CISA recommends implementing multi-factor authentication on all Google Workspace accounts, reviewing calendar sharing settings, and monitoring for unusual calendar invites, especially those containing suspicious links or attachments.

This is Ting, signing off until tomorrow. Stay vigilant and keep your calendars clean!"


China Hack Report: Daily US Tech Defense
By Quiet. Please