Google’s Threat Analysis Group (TAG) has published a report uncovering the use of an open-source tool called GC2 by APT41, a Chinese state-sponsored hacking group. The group is known for targeting various industries, including healthcare, telecommunications, and gaming.
According to the report, APT41 used GC2 to target media organizations and job sites in various countries and regions, including the United States, Europe, and Asia. The group used GC2 to perform reconnaissance on potential targets, gather information about their infrastructure, and ultimately gain access to their systems.
GC2 is an open source tool that is freely available online, which makes it an attractive option for hackers who want to avoid detection. The tool can be used to gather information about web servers, including domain names, IP addresses, and operating system information. It can also be used to scan for vulnerabilities and perform other reconnaissance activities.
Google’s report highlights the growing trend of state-sponsored hacking groups using open source tools to carry out their attacks. These tools are often freely available online and can be modified to suit the specific needs of the attacker. This makes it difficult for security researchers to detect and prevent these attacks.
APT41 has been active since at least 2012 and is known for its sophisticated tactics and advanced malware. The group has been linked to various cyber espionage campaigns targeting governments and businesses around the world. In addition to using GC2, APT41 has also been known to use other open source tools, including Metasploit and Cobalt Strike.
Google’s report serves as a reminder of the importance of staying vigilant against cyber threats. Organizations need robust security measures in place to protect their systems and data. This includes keeping software up to date, using strong passwords, and regularly conducting vulnerability assessments and penetration testing.