Researchers Warn Of Hackers Dropping Malware Through Google Drive On Government Networks

Researchers at Trend Micro are raising the alarm about Chinese hackers who are receiving support from the government.

The hackers are confirmed to have taken part in spearphishing campaigns that deliver customized malware stored in Google Drive. The malware is dropped on specific targets such as government networks, research areas, and even academic organizations.

Moreover, the researchers say that such incidents peaked between March and October of this year. Security researchers have attributed the activity to a threat group named Mustang Panda.

According to Trend Micro researchers, this threat group mostly targets organizations located in Australia, the Philippines, Taiwan, and Japan. The hackers use established Google accounts to send emails to their targets. These emails lure the victims into installing custom malware through Google Drive links.

Further details reveal that many of the hackers used messages with geopolitical themes and that most targets were government institutions. The emails bypassed the security mechanisms in place because their links point to folders on Google Drive or Dropbox. Both services have a good reputation, which makes links to them less suspicious.

Many of the links lead to compressed files in ZIP or RAR format that contain malware strains such as ToneShell and PubLoad.

The researchers also note that the recent campaign shares some of the Mustang Panda tactics that experts had warned about in September of this year. But this new campaign shows signs of better toolsets and an ability to expand, which increases the hackers' ability to gather intelligence and attack targets with ease.

At the start of 2022, another report by Proofpoint described how Mustang Panda focused its operations on Europe, targeting high-ranking diplomats.

Meanwhile, another report released around the same time showed Mustang Panda targeting officials from Russia.

Then in March of this year, Mustang Panda conducted operations in Southeast Asia, Africa, and the southern parts of Europe. That is what made many people realize that this Chinese cyber group is a large gang that is proving to be a global threat.
