Google says it appears that the hackers are the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of Iran-based hackers attempted to target President Trump’s campaign, but was also unsuccessful.
Google added that the group, which the company refers to as APT 31 (APT being short for “Advanced Persistent Threat”), sends users email links that lead to downloading malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. And because the group used services such as GitHub and Dropbox to carry out the attacks, tracking them became more difficult.
“Every malicious piece of this attack was hosted by legitimate services, making it difficult for defenders to rely on network signals to detect them,” Shane Huntley, head of the Google Threat Analysis Group, wrote in the blog post.
In one scam impersonating the antivirus vendor McAfee, the email recipient is prompted to install a legitimate version of McAfee software from GitHub, while malware is installed at the same time without the user’s knowledge. Huntley noted that when Google detects that a user has been the victim of a government-backed attack, it sends them a warning.
The Google post did not mention the identity of those affected by the recent APT 31 attacks, but stated that there was “an increased interest in the threats posed by APTs in the context of the US elections.” Google has shared its findings with the FBI.
Microsoft warned last September that one of the main consulting firms for the election campaign of Democratic candidate Joe Biden had been targeted by suspected Russian state hackers, according to Reuters, citing three people familiar with the matter.
The sources told Reuters that the hacking attempts targeted employees of Washington-based SKDKnickerbocker, a campaign strategy and communications company that has been working with Biden and other prominent Democrats, over the past two months.