A report released Friday by Google Threat Analysis Group offers new information on the China-linked hacking group that targeted Joe Biden’s campaign offices with phishing emails earlier this year.
Google TAG notes that APT31, also known as Zirconium, used GitHub to host malware and Dropbox as its command-and-control infrastructure in order to avoid detection and hide from security tools.
The malware was a Python-based implant. According to the report, once installed it would let the hackers upload and download files and execute arbitrary commands.
The malicious code also connects to the command-and-control server hosted on Dropbox.