Google offers new details about the China-Linked Hacking Group

  • A report released Friday by Google Threat Analysis Group offers new information on the China-linked hacking group that targeted Joe Biden’s campaign offices with phishing emails earlier this year.
  • Google TAG notes that APT31, also known as Zirconium, used GitHub to host malware and Dropbox as its command-and-control infrastructure to avoid detection and hide from security tools.
  • The malware was a Python-based implant. According to the report, once installed it would let the hackers upload and download files and execute arbitrary commands.
  • The malicious code also connects to the command and control server hosted on Dropbox.

October 18, 2020