The hacker group is referred to as APT 31 (Advanced Persistent Threat) by Google. The Chinese hackers follow a familiar pattern: they send emails to users that lure them into downloading malware hosted on GitHub. Once installed, the malware allows the hackers to download files and execute commands on the victim's system.
Shane Huntley, the head of Google’s Threat Analysis Group said, “US government agencies have warned about different threat actors, and we’ve worked closely with those agencies and others in the tech industry to share leads and intelligence about what we’re seeing across the ecosystem.”
By using legitimate services such as GitHub and Dropbox, the attackers made it extremely difficult to track the origin of the attacks. The malware was written in Python and uses Dropbox cloud storage as its command channel, allowing the attackers to send commands to infected systems and retrieve the results.
According to Google, the same hacker group has tried to hijack the email accounts of President Trump's campaign staffers. US government agencies have warned about different threat actors, and Google has worked closely with them to share intelligence about these attackers.
In the McAfee-impersonation attacks, the victims receive an email prompting them to install McAfee from GitHub. While downloading the fake McAfee installer, users do not realise that their system is also installing malware without their consent.