Chinese hackers used Google Calendar to aid attacks on government entities

Google has said that it caught suspected People’s Republic of China-backed hackers leveraging its Calendar service to help stealthily stage attacks on government agencies.

In late October of last year, Google Threat Intelligence Group said it “discovered an exploited government website hosting malware being used to target multiple other government entities,” the company’s Patrick Whitsell wrote in a blog post. The exploited website delivered malware the company dubbed TOUGHPROGRESS that took advantage of Google Calendar for command and control (C2) to help it blend in with authentic activity.

Google determined “with high confidence” that the group behind the attacks was APT41, the Chinese Ministry of State Security-linked outfit alternatively known by a host of other names such as Wicked Panda, Winnti and Double Dragon.

Read more at CyberScoop