On the other side of the coin, the personal email accounts of staffers associated with the “Donald J. “For nation-state actors, this is a simple way to perform reconnaissance on targeted accounts to determine if the account is valid or the user is active.” “Although the domain itself may not have malicious content, allows Zirconium to check if a user attempted to access the site,” said Microsoft. The group then sends the URL of the domain to targets via email text (or attachment) and persuades them to click the link via social engineering. The threat group’s TTPs include using web “beacons” that are tied to an attacker-controlled domain.
According to reports, this threat actor is tied to the Chinese government.īeyond staffers on the “Joe Biden for President” campaign, APT 31 has also been targeting “prominent individuals in the international affairs community, academics in international affairs from more than 15 universities,” according to previous Microsoft research. Google attributed the attack on Biden’s campaign staff to APT 31 (also known as Zirconium). The McAfee lure used in the Biden cyberattack. The malware was specifically a python-based implant using Dropbox for command and control (C2), which once downloaded would allow the attacker to upload and download files and execute arbitrary commands.Įvery malicious piece of this attack was hosted on legitimate services – making it harder for defenders to rely on network signals for detection, researchers noted. The campaign was based on email based links that would ultimately download malware hosted on GitHub, researchers said. “The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system.” “In one example, attackers impersonated McAfee,” said researchers on Friday. However, the details of the attacks themselves, and the tactics used, were scant until Google Threat Analysis Group’s (TAG) Friday analysis. The unsuccessful advanced persistent threat group (APT) attacks on Biden’s campaign were first uncovered in June, along with cyberattacks targeting Donald Trump’s campaign. The emails were an attempt to steal staffers’ credentials and infect them with malware.
Hackers sent Joe Biden’s presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services (such as Dropbox) to avoid detection.
0 kommentar(er)
