Published 3 days ago • loading... • Updated 1 day ago

Chinese Hackers Use Google Calendar in Stealthy New Attack

In late October 2024, Google’s Threat Intelligence Group uncovered that Chinese state-sponsored hackers APT41 used Google Calendar for malware command-and-control operations.
APT41 prepared the attack by compromising a government website to host a phishing ZIP archive that deployed the malware called ToughProgress onto victim devices.
ToughProgress covertly creates zero-minute Google Calendar events on preset dates to exchange encrypted commands and exfiltrate stolen data, avoiding installation on disk for stealth.
Google highlighted that threat actors often exploit cloud platforms to conduct command-and-control operations, blending malicious activities with normal user traffic.
Google dismantled the operation by disabling malicious accounts, updating detections, notifying affected organizations in partnership with Mandiant, and implementing measures to prevent similar attacks.

Insights by Ground AI

Does this summary seem wrong?

12 Articles

All

Left

Center

Right

Tech Radar

Center

Chinese hackers use Google Calendar in stealthy new attack

Google Calendar was used as part of the C2 infrastructure, so users should take care.

2 days ago·United Kingdom

Read Full Article

Washington Times

Lean Right

Chinese hackers used Google Calendar to target government agencies

Google says a Chinese-backed hacking group exploited Google Calendar to infect government agencies with malware.

2 days ago·United States

Read Full Article

Cybersecurity Dive

Center

Google: China-backed hackers hiding malware in calendar events

The APT41 nation-state threat group is exploiting yet another cloud service to mask its operations, according to new research.

2 days ago

Read Full Article

Numerama

How Chinese Hackers Turned Google Calendar Into a Cyber Attack Steering Center

Google Threat Intelligence unveils an unprecedented cyberattack campaign orchestrated by Chinese group APT41. Their secret weapon? Google Calendar, hijacked to serve as a remote control and control center. Explanations. It is a report published on May 28 by Google Threat Intelligence that alerts a

1 day ago

Read Full Article

India Daily Mail

Google reveals malware undertaking by China- related cyberpunks using Calendar events in an progressive cyberattack

In a worrying discovery, Google’s Threat Intelligence Group (GTIG) has really revealed {that a} workforce of cyberpunks related to China utilized Google Calendar as a tool to take delicate information from individuals. The workforce, referred to as APT41 or HOODOO, is believed to have connections to the Chinese federal authorities. According to GTIG, the strike began with a spear phishing undertaking. This method entails sending out very rigoro…

2 days ago

Read Full Article

thenewsfacts.com

Hackers Target Google Calendar with New Malware Attack

New Delhi, May 30, 2025 – Cybersecurity experts have uncovered a new wave of cyberattacks linked to a malicious software named TOUGHPROGRESS, engineered by the notorious hacker group APT41. This alarming malware campaign is reportedly targeting Google Calendar, exploiting the platform to infiltrate high-security systems, particularly government websites—and demand ransom in exchange for restored access. The findings were revealed by cybercrime i…

2 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year