126
Google catches Beijing spies using Sheets to spread espionage across 4 continents
(www.theregister.com)
- The Chocolate Factory announced the Google Threat Intelligence Group-led actions on Wednesday and said that, in partnership with other teams, it terminated all Google Cloud Projects that had been controlled by UNC2814, a group that GTIG has tracked since 2017. They also disabled all known UNC2814 infrastructure and accounts, and revoked access to the Google Sheets API calls used by the Chinese snoops for command-and-control (C2) purposes.
- "As of Feb. 18, GTIG's investigation confirmed that UNC2814 has impacted 53 victims in 42 countries across four continents, and identified suspected infections in at least 20 more countries," the threat hunters said in the report.
- The security sleuths uncovered this campaign during a Mandiant investigation into suspicious activity in a customer's environment. Specifically, this binary, "/var/tmp/xapt," initiated a shell with root privileges, and then executed a command to retrieve the system’s user and group identifiers to confirm it had successfully escalated to root.
- Google suspects the payload was named xapt, after the command-line tool in Debian and Ubuntu systems, to make it easier to hide in the victim's environment and look like a legitimate tool.
- The intruders also used a novel backdoor, Gridtide, that abuses legitimate Google Sheets API functionality to disguise its command-and-control (C2) traffic. Mandiant has linked Gridtide to UNC2814.
- The intruders also used a novel backdoor, Gridtide, that abuses legitimate Google Sheets API functionality to disguise its command-and-control (C2) traffic. Mandiant has linked Gridtide to UNC2814.
- After breaking in, the spies moved laterally via SSH, performed reconnaissance, escalated privileges, and then deployed the Gridtide backdoor using a command, "nohup ./xapt," that allows it to run even after the user closes the session.
- "Subsequently, SoftEther VPN Bridge was deployed to establish an outbound encrypted connection to an external IP address," the threat intel team wrote. "VPN configuration metadata suggests UNC2814 has been leveraging this specific infrastructure since July 2018."
- The C-based backdoor uses Google Sheets as its C2 platform, can execute shell commands, and can upload and download files. In this case, the attacker deployed Gridtide on an endpoint containing personal information - likely to identify and track persons of interest - including full name, phone number, date and place of birth, voter ID and national ID numbers.
When tf did I say state sponsored surveillance it was OK? Never that's when.
They made a level headed comment about how prevalent state sponsored spying is in GENERAL is bad and how everybody's doing it and you went fucking bonkers about it.
Then you come in with your imply, instigate shit that sounded like an LLM threw up all over the comment section
Posts like yours are easy to spot but hard to prove to the rest of the herd because maybe your just some asshat not an actual threat because they really don't want to believe that's how the world works. Cause they're people that like the blissful ignorance or are just lazy/apathetic
But this is clearly tactically applied, and intentional manipulation of the conversation, and while its effective on some clowns its dishonest and its not effective on anyone else outside the uninformed people your playing to rn
You talking to Melusine again? I know he was doing every single one of those things, but are you willing to say they're bad?
Unless there's some weird dogwhistle you're doing here by repeating that phrase over and over.
See how you just gaslight and deflect again and again like a pattern? Its because it is a pattern, one youre deliberately following.
This is how you can tell. Real people don't usually do that (unless they're embarrassingly in the wrong and/or are emotionally triggered about it and are just having a freakout about it)
See how its never about the conversation never about the point, just about winning some invisible game they're playing?
Thats what a bot having a goal is or just a person playing bullshit games and if its all about some government bs (China bad! Say it!), chances are good its some state-sponsored clown sitting on some government desk writing that shit out
Literally what game are you playing right now? Never mind the point of this post, apparently you've devolved beyond that. What's your point?
That your a intentionally placed comment farmer playing to whatever side pays you the most or an ideological comment farmer who works for a government likely highly supportive of the USA 👍
Using your metric: when you and your friend jumped into this thread to talk about a completely different topic, what should I assume about you?
My friend? Oh right the innocent person you were psychologically abusing
According to your metrics, how abusive are you being?
I'm not DMing with you, buddy
2 down votes in a few minutes buddy. There ain't no one reading this post that are that opinionated in the 2 minutes that took. So I threw some shade 😎
Ah I see. Disagreement is harassment, unless it involves calling someone nonhuman, then it's fine
And the upvotes are right, unless they're for the wrong person, and then they're fake.
Get well soon friend.
No harassment is harassment, saying that they did shit they didn't do and said shit they didnt say is called gas-lighting and is defined as psychological abuse.
https://www.medicalnewstoday.com/articles/gaslighting
Also bot votes don't matter so I was pointing to that idea
"State-sponsored comment farms, often referred to as "troll farms," are organized groups that create and disseminate online comments and content to influence public opinion and manipulate discussions, typically in favor of government narratives. These operations are often linked to specific countries, such as Russia, where they employ paid commentators to spread disinformation across social media and forums."
https://spideraf.com/articles/the-rise-of-click-farms-and-their-impact-on-digital-advertising-and-online-engagement