• The Chocolate Factory announced the Google Threat Intelligence Group-led actions on Wednesday and said that, in partnership with other teams, it terminated all Google Cloud Projects that had been controlled by UNC2814, a group that GTIG has tracked since 2017. They also disabled all known UNC2814 infrastructure and accounts, and revoked access to the Google Sheets API calls used by the Chinese snoops for command-and-control (C2) purposes.
  • “As of Feb. 18, GTIG’s investigation confirmed that UNC2814 has impacted 53 victims in 42 countries across four continents, and identified suspected infections in at least 20 more countries,” the threat hunters said in the report.
  • The security sleuths uncovered this campaign during a Mandiant investigation into suspicious activity in a customer’s environment. Specifically, this binary, “/var/tmp/xapt,” initiated a shell with root privileges, and then executed a command to retrieve the system’s user and group identifiers to confirm it had successfully escalated to root.
  • Google suspects the payload was named xapt, after the command-line tool in Debian and Ubuntu systems, to make it easier to hide in the victim’s environment and look like a legitimate tool.
  • The intruders also used a novel backdoor, Gridtide, that abuses legitimate Google Sheets API functionality to disguise its command-and-control (C2) traffic. Mandiant has linked Gridtide to UNC2814.
  • After breaking in, the spies moved laterally via SSH, performed reconnaissance, escalated privileges, and then deployed the Gridtide backdoor using a command, “nohup ./xapt,” that allows it to run even after the user closes the session.
  • “Subsequently, SoftEther VPN Bridge was deployed to establish an outbound encrypted connection to an external IP address,” the threat intel team wrote. “VPN configuration metadata suggests UNC2814 has been leveraging this specific infrastructure since July 2018.”
  • The C-based backdoor uses Google Sheets as its C2 platform, can execute shell commands, and can upload and download files. In this case, the attacker deployed Gridtide on an endpoint containing personal information - likely to identify and track persons of interest - including full name, phone number, date and place of birth, voter ID and national ID numbers.
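As an added, defender-side illustration (not code from the report or from Google/Mandiant): a small Python scanner that checks constructed process-log lines for the chain described above, flagging a temp-directory binary with an apt-lookalike name, a nohup launch, a root `id` run beneath it, and non-browser traffic to the Google Sheets API host. The log format, the sheets.googleapis.com host match and the browser allow-list are assumptions.

```python
import os
import re

# Constructed process-log lines (one key=value event per line, not real telemetry), modelled on
# the reported chain: temp-dir binary named after apt, nohup launch, root shell running `id`, Sheets API.
SAMPLE_LOG = """\
user=svc pid=4121 ppid=4100 exe=/var/tmp/xapt cmd="nohup ./xapt" dst=-
user=root pid=4122 ppid=4121 exe=/usr/bin/sh cmd="sh" dst=-
user=root pid=4123 ppid=4122 exe=/usr/bin/id cmd="id" dst=-
user=root pid=4121 ppid=4100 exe=/var/tmp/xapt cmd="./xapt" dst=sheets.googleapis.com:443
user=alice pid=5001 ppid=1 exe=/usr/bin/apt cmd="apt update" dst=deb.debian.org:80
user=alice pid=5002 ppid=1 exe=/usr/bin/firefox cmd="firefox" dst=sheets.googleapis.com:443
"""

TEMP_DIRS = ("/var/tmp/", "/tmp/", "/dev/shm/")
SYSTEM_BIN = ("/usr/bin", "/usr/sbin", "/bin", "/sbin")
BROWSERS = {"firefox", "chrome", "chromium"}   # assumed benign Sheets API clients
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    ev = {k: v.strip('"') for k, v in FIELD.findall(line)}
    ev["pid"], ev["ppid"] = int(ev["pid"]), int(ev["ppid"])
    return ev

in_temp = lambda exe: exe.startswith(TEMP_DIRS)

def scan(log_text):
    # Returns sorted (rule, pid) findings for the behaviours the report describes.
    events = [parse(ln) for ln in log_text.splitlines() if ln.strip()]
    by_pid = {e["pid"]: e for e in events}   # last record per pid; enough for lineage
    findings = set()
    for e in events:
        pid, exe, name = e["pid"], e["exe"], os.path.basename(e["exe"])
        if in_temp(exe):                                     # binary run from a temp dir
            findings.add(("temp_dir_exec", pid))
        if "apt" in name and os.path.dirname(exe) not in SYSTEM_BIN:   # xapt masquerade
            findings.add(("apt_lookalike", pid))
        if e["cmd"].startswith("nohup ") and in_temp(exe):   # "nohup ./xapt" persistence
            findings.add(("nohup_temp", pid))
        if name == "id" and e["user"] == "root":             # root check with temp-dir ancestor
            parent, depth = by_pid.get(e["ppid"]), 0
            while parent is not None and depth < 32:
                if in_temp(parent["exe"]):
                    findings.add(("root_id_from_temp", pid))
                    break
                parent, depth = by_pid.get(parent["ppid"]), depth + 1
        host = e["dst"].rsplit(":", 1)[0]
        if host.endswith("sheets.googleapis.com") and name not in BROWSERS:  # Sheets C2
            findings.add(("sheets_c2", pid))
    return sorted(findings)
```

The real apt run and the browser's Sheets traffic produce no findings, which is the point: the rules key on where the binary lives and which process owns the connection, not on the host name alone.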
  • XLE@piefed.social · 6 days ago

    I saw when you said America Bad the first time too. Do you have any insights about the contents of this post?

    Is spying wrong, Melusine?

    • Melusine@tarte.nuage-libre.fr · 5 days ago

      About the attack? Seems clever, but I am only a software engineer, with no specialization in security. Also, further proof that relying on only a handful of software companies makes the whole IT world quite unreliable.

      • XLE@piefed.social · 5 days ago

        Are you impressed by the cleverness of Palantir too?

        It’s very strange you’d come into a thread with nothing to offer except Two Minutes Hate against the Bad Country, but can’t be bothered to think about what the thread is about. Nationalism is a cancer of the soul.

        • arnitbier@sh.itjust.works · 4 days ago

          Incite shit, imply shit, derail shit Incite shit, imply shit, derail shit

          Fucking state sponsored, tactical bullshit

          Nationalism might be problematic. And can be cancer, but only if it's not warranted. Like for ingroup validation. But if your nation is making a real effort and you are putting in real work to be part of that effort, it's fine really.

          Tell me, is ALL spying bad XLE? (Taking a page from your book to point out how disingenuous it sounded when you did that to Melusine)

          (Btw the translation in human terms is something along the lines of “dance for me internet monkey” and it’s abuser tactics and usually a red flag)

          • XLE@piefed.social · 5 days ago

            Now you’re against “state sponsored bullshit” after pretending you weren’t? Okay. I’m glad to hear you’re against China’s behavior now.

            I don’t agree with you that Melusine is state-sponsored by China, but since you accidentally replied to me instead of him, there you go.

            • arnitbier@sh.itjust.works · 4 days ago

              When tf did I say state-sponsored surveillance was OK? Never, that's when.

              They made a level-headed comment about how prevalent state-sponsored spying is in GENERAL, that it is bad and that everybody's doing it, and you went fucking bonkers about it.

              Then you come in with your imply-and-instigate shit that sounded like an LLM threw up all over the comment section.

              Posts like yours are easy to spot but hard to prove to the rest of the herd, because maybe you're just some asshat and not an actual threat, and because they really don't want to believe that's how the world works. Cause they're people that like the blissful ignorance or are just lazy/apathetic.

              But this is clearly tactically applied, intentional manipulation of the conversation, and while it's effective on some clowns, it's dishonest and it's not effective on anyone outside the uninformed people you're playing to rn.

              • XLE@piefed.social · 5 days ago

                You talking to Melusine again? I know he was doing every single one of those things, but are you willing to say they’re bad?

                Unless there’s some weird dogwhistle you’re doing here by repeating that phrase over and over.

                • arnitbier@sh.itjust.works · 4 days ago

                  See how you just gaslight and deflect again and again, like a pattern? It's because it is a pattern, one you're deliberately following.

                  This is how you can tell. Real people don't usually do that (unless they're embarrassingly in the wrong and/or are emotionally triggered about it and are just having a freakout about it).

                  See how it's never about the conversation, never about the point, just about winning some invisible game they're playing?

                  That's what a bot having a goal is, or just a person playing bullshit games, and if it's all about some government bs (China bad! Say it!), chances are good it's some state-sponsored clown sitting at some government desk writing that shit out.

                  • XLE@piefed.social · 5 days ago

                    This is how you can “tell”… it's never about the conversation, never about the point, just about winning some invisible game they're playing?

                    Literally what game are you playing right now? Never mind the point of this post, apparently you’ve devolved beyond that. What’s your point?

    • arnitbier@sh.itjust.works · 5 days ago

      Tagging in here cause you're obtuse af.

      Inherently? No. It's always a matter of why and how, what's to gain, what's done with it after, etc.

      Like literally everything else, morality is a construct determined by every factor that makes it up, every influence, every refraction, of every effect it had over infinity.

      Punching you in the face, moral? Idk, maybe. It depends, I guess.

      Do you understand a little better? Now stop the posturing games once you calm tf down plz.

      • XLE@piefed.social · 5 days ago

        Don’t be so quick to tell off @Melusine@tarte.nuage-libre.fr for posturing! Maybe they genuinely hate all spying, including the spying committed by the CCP here.

        If they didn’t, then complaining about it would be posturing, wouldn’t it, comrade?

        Speaking of which, why don’t you tell me what you think of the state-sponsored people in this thread? I prefer on-topic discussion over virtue signaling.