Chinese government-backed hackers impersonated staff of security provider McAfee to trick users into installing malware on their devices, a Google blog post stated.
The hackers would prompt targets to install a legitimate version of McAfee anti-virus software from GitHub, while the malware was surreptitiously installed on the system at the same time.
Google’s Threat Analysis Group, which works to thwart cyberattacks, identified the activity and sent the targets a prominent warning.
The findings were shared with the Federal Bureau of Investigation (FBI), Google said.
The threats come ahead of the U.S. elections, with the number of incidents increasing over the months. Google sent 10,316 warnings about ‘government-backed attacks’ in the July to September quarter of 2020, it said.
In June, Google said it spotted phishing attacks against personal email accounts of staffers on the Biden and Trump campaigns by Chinese and Iranian Advanced Persistent Threats (APTs).
These attacker groups targeted campaign staffers’ personal emails with credential phishing attacks and emails containing tracking links.
Another Chinese malware campaign was based on emailing links that would ultimately download malware hosted on GitHub. The malware was a Python-based implant using file sharing service Dropbox for command and control. It would allow the attacker to upload and download files as well as execute arbitrary commands.
Every malicious piece of the attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection, Google stated.
Earlier in September, Microsoft also noted the increase in cyberattacks targeting people and organisations involved in the U.S. Presidential elections.
Russian cyber hacking group Strontium attacked more than 200 organisations including political campaigns, advocacy groups, parties and political consultants, Microsoft stated.
Other cyber espionage groups like Zirconium and Phosphorus, operating from China and Iran respectively, attacked high-profile users associated with the election.
Published - October 19, 2020 02:27 pm IST