The Chinese state-sponsored hacking group APT41, also tracked as HOODOO, has been observed using the open-source Google Command and Control (GC2) tool in data theft attacks against a Taiwanese media company and an Italian job search company, according to Google's Threat Analysis Group. GC2 is a red teaming project written in Go that needs no attacker-owned infrastructure: the implant polls a Google Sheet for operator commands, writes command output back to the sheet, and uses Google Drive to download and upload files. In these intrusions the attackers used it to fetch and install additional payloads from Google Drive and to exfiltrate stolen data to cloud storage.

APT41 has deployed a wide range of malware on compromised systems over the years, including rootkits, bootkits, custom backdoors, point-of-sale malware, and even ransomware. In 2020, the US Department of Justice indicted three Chinese nationals believed to be part of APT41 for supply chain attacks, data theft, and intrusions against organizations worldwide.

The use of legitimate red teaming tools and remote monitoring and management (RMM) platforms by threat actors is a growing trend aimed at evading detection. Because all of GC2's traffic goes to Google's own domains over TLS, domain reputation and blocklists offer no signal; defenders have to look instead at which hosts and processes are talking to the Sheets and Drive APIs, how regularly they do so, and whether that is expected for those machines.
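The behavioural angle described above, as an added example that is not from the article or from the GC2 project: a small Python scan over constructed proxy log lines that flags hosts polling the Sheets API on a steady cadence from a non-browser client, and counts Drive upload requests from the same host as a possible exfiltration indicator. The log format, the IPs, the spreadsheet IDs, and the use of a fixed sleep interval and a `Go-http-client` user agent are all assumptions made for the sample, not observed GC2 artefacts; real GC2 traffic may carry a different user agent, so the check keys on "not a browser" rather than on one string.

```python
"""Beacon detection over proxy logs for the Google Sheets and Drive APIs.

Added example, not code from the article or from GC2. Assumptions:
- log lines are a constructed "<iso-ts> <src_ip> <method> <host> <path> <user-agent>"
- a scripted implant polls on a fixed sleep interval, so gaps between its
  requests have low variance; people using Sheets from a browser do not
- the user agent in the sample is made up; any non-browser agent counts
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Hosts involved: the Sheets API for command polling and the Drive API,
# whose upload endpoint lives under www.googleapis.com/upload/drive/.
SHEETS_HOST = "sheets.googleapis.com"
DRIVE_HOST = "www.googleapis.com"
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/", "Edg/")

# Constructed sample: 10.1.2.3 polls one sheet every ~60 s from a non-browser
# client and pushes one file to Drive; 10.1.2.9 is a person using Sheets.
SAMPLE_LOG = """\
2023-04-20T10:00:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:00:05Z 10.1.2.9 GET sheets.googleapis.com /v4/spreadsheets/9xYz/values/Budget Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/112.0 Safari/537.36
2023-04-20T10:00:40Z 10.1.2.9 GET sheets.googleapis.com /v4/spreadsheets/9xYz/values/Budget Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/112.0 Safari/537.36
2023-04-20T10:01:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:02:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:03:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:03:30Z 10.1.2.3 POST www.googleapis.com /upload/drive/v3/files?uploadType=multipart Go-http-client/1.1
2023-04-20T10:04:01Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:05:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:06:00Z 10.1.2.3 GET sheets.googleapis.com /v4/spreadsheets/1aBcD/values/Sheet1 Go-http-client/1.1
2023-04-20T10:07:12Z 10.1.2.9 GET sheets.googleapis.com /v4/spreadsheets/9xYz/values/Budget Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/112.0 Safari/537.36
"""


def parse_log(text):
    """Parse lines into dicts; the user agent is whatever follows the fifth field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, host, path, ua = line.split(maxsplit=5)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src, "method": method, "host": host, "path": path, "ua": ua,
        })
    return events


def find_sheet_beacons(events, min_requests=5, max_jitter=0.2):
    """Return sources polling the Sheets API on a steady cadence with a non-browser client.

    Cadence is judged by the coefficient of variation (stdev / mean) of the gaps
    between consecutive requests; a sleep loop gives a low value, a person does
    not. Drive upload requests from the same source are counted so the analyst
    sees possible exfiltration next to the beacon.
    """
    by_src = defaultdict(list)
    drive_uploads = defaultdict(int)
    for ev in events:
        if ev["host"] == SHEETS_HOST:
            by_src[ev["src"]].append(ev)
        elif ev["host"] == DRIVE_HOST and ev["path"].startswith("/upload/drive/"):
            drive_uploads[ev["src"]] += 1

    findings = []
    for src, evs in by_src.items():
        if len(evs) < min_requests:
            continue
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else float("inf")
        non_browser = not any(m in evs[0]["ua"] for m in BROWSER_MARKERS)
        if jitter <= max_jitter and non_browser:
            findings.append({
                "src": src,
                "requests": len(evs),
                "mean_interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
                "user_agent": evs[0]["ua"],
                "drive_uploads": drive_uploads.get(src, 0),
            })
    return findings


if __name__ == "__main__":
    for finding in find_sheet_beacons(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample this flags only 10.1.2.3 (seven polls about 60 seconds apart, one Drive upload). The thresholds are starting points: a long-lived implant with randomised sleep will push the jitter up, so in practice the cadence test is best paired with host context, such as which process opened the connection and whether that machine has any business reason to use the Sheets API at all.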
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net
Source: Bleeping Computer