Google says that its Threat Analysis Group (TAG) has not found any major coordinated influence campaigns targeting US voters on its platforms.
Nevertheless, the web giant did see foreign actors launching phishing attacks around the U.S. presidential election, although the efforts did not appear to be successful.
In June, such attacks were attributed to advanced persistent threats (APTs) from China and Iran that targeted the personal email accounts of Biden and Trump campaign staff.
The attacks were traced to Iranian-linked APT35 and Chinese threat actor APT31, which were detected trying to phish staffers' credentials and which also sent emails containing tracking links.
In one attack, APT31 tried to install malware hosted on GitHub. The malicious code, a Python-based implant that uses Dropbox for command and control (C&C), was built to give the attackers command execution and file upload and update capabilities.
“Each malicious component of this attack was hosted on legitimate services, making it more difficult for defenders to rely on network signals for identification,” Google reveals.
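When the destination is a legitimate service, the domain alone says nothing, so detection has to lean on which process is making the connection. The sketch below is an added example, not Google's tooling or code from the original article; the event shape, host names, file paths and the allowlist of expected client processes are all assumptions constructed for illustration.

```python
# Constructed sample events shaped like simplified endpoint network-connection
# telemetry: (host, process image path, destination hostname). Not real data.
EVENTS = [
    ("ws-01", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "raw.githubusercontent.com"),
    ("ws-01", r"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe", "api.dropboxapi.com"),
    ("ws-02", r"C:\Users\pat\AppData\Local\Temp\python.exe", "raw.githubusercontent.com"),
    ("ws-02", r"C:\Users\pat\AppData\Local\Temp\python.exe", "content.dropboxapi.com"),
    ("ws-03", r"C:\Program Files\Git\mingw64\bin\git.exe", "github.com"),
]

# Assumed policy: domain suffixes per service, and the process names that are
# expected to talk to each service in this (hypothetical) environment.
SERVICE_SUFFIXES = {
    "dropbox": ("dropboxapi.com", "dropbox.com"),
    "github": ("github.com", "githubusercontent.com"),
}
EXPECTED_CLIENTS = {
    "dropbox": {"dropbox.exe", "chrome.exe", "msedge.exe", "firefox.exe"},
    "github": {"git.exe", "chrome.exe", "msedge.exe", "firefox.exe"},
}

def service_for(hostname):
    """Map a hostname to a service by exact or dot-boundary suffix match."""
    host = hostname.lower().rstrip(".")
    for service, suffixes in SERVICE_SUFFIXES.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return service
    return None

def find_unexpected_clients(events):
    """Return {(host, process): services} for processes outside the allowlist."""
    hits = {}
    for host, image, dest in events:
        service = service_for(dest)
        process = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if service and process not in EXPECTED_CLIENTS[service]:
            hits.setdefault((host, process), set()).add(service)
    return hits

def triage(events):
    """Rank hits: one process touching both services is higher priority."""
    rows = [("high" if len(svcs) > 1 else "medium", host, proc, sorted(svcs))
            for (host, proc), svcs in find_unexpected_clients(events).items()]
    return sorted(rows, key=lambda r: (r[0] != "high", r[1], r[2]))

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

Every destination in the sample would pass a domain reputation check; only the pairing of an unexpected interpreter with both code-hosting and file-storage endpoints stands out.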
The organization also found an attack in which the threat actor impersonated McAfee, prompting the targeted victims to download and install a legitimate version of McAfee anti-virus from GitHub. In the background, however, ransomware was silently installed on the victim’s computer.
Google further states that users who were identified as targets of such attacks were warned, and that the Federal Bureau of Investigation was also told of these attacks.
The organization has sent nearly 33,000 “government-funded intruder” notices so far in 2020.
The Internet giant notes that the threat posed by APTs to the U.S. election has drawn attention, especially with government agencies warning about adversaries potentially targeting the electoral process, and says that it has removed 14 Google accounts linked to Ukrainian Parliament member Andrii Derkach, who was sanctioned by the U.S. Treasury Department over efforts to manipulate the U.S. vote.
“To date, TAG has not found any big organized efforts that threaten or aim to manipulate U.S. voters on our platforms,” Google says.
The organization has tracked a China-linked spam network over the past year, mainly on YouTube but also on other platforms, that has been attempting to run an influence campaign. Google removed over 3,000 YouTube channels linked to the operation during the third quarter of the year alone, preventing it from building an audience.
In Mandarin, the network mostly used hacked accounts to post spam content, but also uploaded a limited number of videos on current affairs, some linked to Hong Kong and China’s COVID-19 response, and some focused on U.S. affairs.
“There are fewer than 10 views of any of the videos we classify, and most of these views tend to come from linked spam accounts rather than real users. But although this network has shared regularly, much of this material is spam and we haven’t seen it effectively reach an actual YouTube audience,” the organization reveals.
Google also reports that, in line with the progression of the COVID-19 pandemic, threat actors have revised their strategies, such as turning their targeting toward pharmaceutical firms and researchers seeking to develop a vaccine. Adversaries linked to China, Russia, and Iran have been observed engaging in such attacks.
In September, some North Korean threat actors began attacking COVID-19 researchers and pharmaceutical firms, either for credential harvesting or for malware infection.
Google also says that global threat actors have expanded their capabilities to conduct distributed denial-of-service (DDoS) attacks over the past few years. However, seeing state-sponsored actors launch DDoS attacks is not that common.
“Addressing state-sponsored DDoS attacks requires a concerted internet group response, and we collaborate with others to define and eradicate the networks used to carry out attacks,” states Google.