China-linked threat operation Silver Dragon, which is believed to be operating within the APT41 umbrella, has weaponized legitimate Windows services and Google Drive in a new cyberespionage campaign aimed at government entities and public sector organizations, Cybernews reports.

Aside from hijacking Windows Update, .NET utilities, and Bluetooth components with malware to ensure persistence and stealth, Silver Dragon has leveraged a dedicated Google Drive account as command-and-control infrastructure for its GearDoor backdoor, with the use of a trusted cloud platform curbing detection, according to a Check Point Research analysis. Other tools, including the screenshot-capturing SilverScreen and remote command-executing SSHcmd, have also been harnessed by the hacking group.

"Silver Dragon utilizes different initial access vectors, hiding inside trusted Windows services and widely used platforms like Google Drive. This research shows that security can no longer treat cloud traffic and core operating system components as inherently safe," said Check Point Software Threat Intelligence Group Manager Sergey Shykevich.
Threat Intelligence
New China-linked cyberespionage campaign exploits Windows, Google Drive




