
Using Google Calendar as C2 - APT41 Hackers from China

APT41, a state-sponsored advanced persistent threat hacking group from China, was found to be utilising Google Calendar as a C2 channel.

In this video, we mimic the interesting TTP in the attack chain of APT41 - using Google Calendar as C2. Thankfully, we were able to find a publicly available tool, GCR-Google-Calendar-RAT, on GitHub, which does the heavy lifting for us.

PS: Windows Defender and all of its features were enabled in the video (except Automatic Submission).

References:
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
https://github.com/MrSaighnal/GCR-Google-Calendar-RAT
https://developers.google.com/workspace/calendar/api/guides/overview

Previous LNK Video:
https://youtu.be/2quFtQU-npY?si=E8CqaxfhL_WU_a7y

Windows Domain Active Directory Playlist:
https://youtube.com/playlist?list=PL0UJtYdHHM46sIZbkieIe6BhKzfu4QOI9&si=NTZ3M9y19z0Pp4PC

Free Udemy course:
https://www.udemy.com/course/intro-to-phishing/

buymeacoffee (or beer)
buymeacoffee.com/gemini.cyber

DISCLAIMER:
All content posted on this YouTube channel is SOLELY FOR Educational and Awareness purposes ONLY. Any actions and/or activities related to the material presented in this YouTube channel are entirely YOUR responsibility.

We DO NOT promote, support, or encourage any illegal activities such as hacking, and we WILL NOT BE HELD responsible in the event of any misuse and abuse of the content resulting in any criminal charges.

Stay connected:
Twitter: https://twitter.com/gemini_security
Udemy: https://www.udemy.com/user/gemini-88/
GitHub: https://github.com/gemini-security
Discord: https://discord.com/invite/u9Qxxbamke

Video "Using Google Calendar as C2 - APT41 Hackers from China" from the Gemini Cyber Security channel