Google blows the whistle on Chinese GC2 tool.

Apr 18 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that will never squash the #BEEF with cybercriminals like Amy with Danny. And Danny with Amy. Those who know, know… #addicted

Today’s hottest cyber security stories:

  • Google blows the whistle on Chinese GC2 tool that targets Taiwanese media site
  • ACCC: Cybercrime cost Aussies $3.1bn, with real amount ‘even higher’
  • The China Cyber-drome: Politico pontificates on potential China cyberattack on U.S.

CHINA UNLEASHES ‘HOODOO’ VOODOO ON TAIWAN

Whodunit? Hoodoo. Who? Very funny. Well, the threat actor behind the latest attack on a Taiwanese media organisation goes by many names. This is according to Google, who admirably blew the whistle on the China-backed cyberattack.

TAG, you’re it!

Threat Analysis Group (TAG) tagged (hehe) it under the geological and geographical-themed moniker HOODOO, but it’s also known by the names APT41, Barium, Bronze Atlas, Wicked Panda, and Winnti.

What’s the 411?

So, what’s the crime here? Well, it’s essentially another phishing attack: our bread and butter – reporting on it, that is, not perpetrating it!

Basically, a Chinese nation-state group targeted an unnamed Taiwanese media organisation to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google’s infrastructure for malicious ends.

This will only add to the already pressure cooker levels of tension between the neighbouring nations.

And don’t forget, the good old U.S. of A. is backing Taiwan, so any act of aggression from China on Taiwan is an indirect attack on Uncle Sam. Scary stuff, huh?

Let’s hope this doesn’t prove to be WWIII’s version of Franz Ferdinand getting shot, folks… I mean, it seems arbitrary enough to qualify!

But how does it work? “After installation on the victim machine, the malware queries Google Sheets to obtain attacker commands,” Google’s cloud division said in its sixth Threat Horizons Report.

“In addition to exfiltration via Drive, GC2 enables the attacker to download additional files from Drive onto the victim’s system.”
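For defenders, the behaviour in those quotes suggests one thing to hunt for: a process that is not a browser or an approved sync client repeatedly calling the Sheets API, possibly alongside Drive uploads. The sketch below is an added example, not code from Google's report or the GC2 project; the log fields, process names, allowlist and threshold are constructed assumptions, and it assumes the traffic goes to Google's public API hostnames.

```python
import json
from collections import defaultdict

SHEETS_HOST = "sheets.googleapis.com"             # Google Sheets API
DRIVE_HOST = "www.googleapis.com"                 # Drive API lives under these paths
DRIVE_PREFIXES = ("/drive/", "/upload/drive/")
# Assumption: the only processes expected to call these APIs in this environment.
ALLOWED = {"chrome.exe", "msedge.exe", "firefox.exe", "googledrivefs.exe"}
# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_LOG = """
{"host": "ws-01", "process": "chrome.exe", "dest": "sheets.googleapis.com", "path": "/v4/spreadsheets/a/values/A1", "bytes_out": 400}
{"host": "ws-02", "process": "updater.exe", "dest": "sheets.googleapis.com", "path": "/v4/spreadsheets/b/values/A1", "bytes_out": 380}
{"host": "ws-02", "process": "updater.exe", "dest": "sheets.googleapis.com", "path": "/v4/spreadsheets/b/values/A1", "bytes_out": 380}
{"host": "ws-02", "process": "updater.exe", "dest": "sheets.googleapis.com", "path": "/v4/spreadsheets/b/values/A1", "bytes_out": 380}
{"host": "ws-02", "process": "updater.exe", "dest": "www.googleapis.com", "path": "/upload/drive/v3/files", "bytes_out": 52000}
{"host": "ws-03", "process": "backup.exe", "dest": "www.googleapis.com", "path": "/drive/v3/files", "bytes_out": 900}
"""

def classify(event):
    """Return 'sheets', 'drive' or None for one network event."""
    if event["dest"] == SHEETS_HOST:
        return "sheets"
    if event["dest"] == DRIVE_HOST and event["path"].startswith(DRIVE_PREFIXES):
        return "drive"
    return None

def find_suspects(log_text, min_polls=3):
    """Flag (host, process) pairs outside ALLOWED that poll Sheets repeatedly."""
    stats = defaultdict(lambda: {"sheets": 0, "drive": 0, "drive_bytes_out": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        kind = classify(event)
        if kind is None or event["process"].lower() in ALLOWED:
            continue
        entry = stats[(event["host"], event["process"])]
        entry[kind] += 1
        if kind == "drive":
            entry["drive_bytes_out"] += event["bytes_out"]
    return [
        {"host": host, "process": process, **counts}
        for (host, process), counts in sorted(stats.items())
        if counts["sheets"] >= min_polls
    ]

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(finding)
```

On the constructed sample only `updater.exe` on `ws-02` is flagged: the browser is allowlisted and the lone Drive call from `ws-03` never reaches the Sheets polling threshold.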

Incidentally, Google said the threat actor previously utilised the same malware in July 2022 to target an Italian job search website.

‘If it ain’t broke, don’t fix it’ appears to be the mantra in play here. How quaint.

CAN YOU TELL HOW MUCH IT IS, YET?

You call that a scam! This is a scam! Knifey spooney references aside, our friends down under have been having a rough old time of it lately when it comes to cybercrime. I mean crikey, the poor buggers can’t seem to catch a break!

No wonder they’re talking about banning companies from caving to pressure and paying off their ransomware attackers. It’s a cybercrime pandemonium over there! Honestly, no other western country comes close.

According to the latest report by the Australian Competition and Consumer Commission, Aussies were scammed out of a whopping $3.1 billion in 2022.

That’s a huge jump from the $2 billion they lost in 2021. The report, which analysed over 500,000 reports from Scamwatch, ReportCyber, major banks, and money remitters, is aptly titled ‘Targeting Scams’.

Key takeaways from Targeting Scams:

  • Investment scams were, by far, the most effective, contributing to combined losses of an eye-watering $1.5 billion.
  • In second place (by a country mile) were remote access scams, with total losses of $299 million.
  • Then, a gnat’s nibbler behind, we have payment redirection scams, with $224m lost.
  • Additionally, the average loss per scam sky-rocketed from $12,742 in 2021 to $9,654, a 54% increase. Yikes!

As a final kick in the goolies, the Scamwatch report claims the real amount lost was likely to be far higher than the $3.1bn, because 30% of victims do not report scams to anyone and only 13% of victims report to Scamwatch.

Struth!

THE VIRUS CAME FROM CHY-NA! 

Nope, we’re not talking about that virus, thank God. We’re talking about a potential computer virus. Sorry, it’s not 1999 anymore, is it? #Y2K #ShowingOurAge

We are, of course, talking about a potential cyberattack; well, Politico is, to be exact. 

The political publication has been speculating about what a potential Chinese cyber attack on the U.S. would look like amidst mounting pressure in Taiwan. Sorry, Nancy Pelosi, your little state visit didn’t smooth things over. In fact, it probably made things worse. Maybe get your own house in order first, eh?

Anyway, the political talking heads reckon that if China decides to invade Taiwan, they might unleash a barrage of digital attacks on the United States as an accompanying dish. Like Satay chicken sticks. Mmmm. Wait, no – boo!

The folks in Beijing are not holding back in their ever intensifying interactions with the poor, put-upon island. In fact, they’ve gone so far as to renew their military drills around Taiwan.

This was in response to the recent meetings between Taiwan’s president and House leaders in the US, which China deemed a “provocation.” Ominous.

“If Xi Jinping moves on Taiwan, we should assume he’ll launch cyberattacks against the United States as part of the operation,” Rep. Mike Gallagher (R-Wis.) wrote in an email.

Are we on the cusp of Cybergeddon? Or is this just Cybeculation? Watch this cyberspace… 🙃

So long and thanks for reading all the phish!
