According to Proofpoint, the Chinese state-sponsored phishing campaign started in January and continued throughout February. It was run by the TA413 APT group, a threat group aligned with the Chinese Communist Party's state interests.
Hackers' Modus Operandi
TA413 attackers targeted the organizations by sending a fraudulent email. Once the victim opened the email, it redirected them to the attacker-controlled you-tube[.] domain, which displayed a fake Adobe Flash Player Update landing page.
The threat actors specifically targeted Firefox users: visitors using Firefox with an active Gmail session were prompted to download the malicious add-on. If the potential target used any other web browser, they were redirected to the legitimate YouTube login page.
According to Proofpoint, the threat actors could abuse the following functions in infected browsers:
• Search emails
• Archive emails
• Receive Gmail notifications
• Read emails
• Alter Firefox browser audio and visual alert features
• Label emails
• Mark emails as spam
• Delete messages
• Refresh inbox
• Forward emails
• Perform function searches
• Delete messages from Gmail trash
• Send mail from the compromised account
Firefox (based on browser permissions):
• Access user data for all websites
• Display notifications
• Read and modify privacy se ..
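The Firefox permission list above is the kind of thing a defender can check for directly, because every WebExtension declares its permissions in a manifest.json inside the installed .xpi archive. The script below is an added example written for this article; it is not code from Proofpoint or from the add-on described. It maps declared permissions to the wording Firefox shows at install time and flags any add-on that asks for all three capabilities the article lists (all-site data access, notifications, privacy settings). The add-on names and manifest contents are constructed for offline use; the loader assumes the standard Firefox profile layout where installed add-ons sit as .xpi files in the profile's extensions/ directory.

```python
import json
import zipfile
from pathlib import Path
from typing import Dict, List

# WebExtension permission names mapped to the install-prompt wording Firefox
# shows for them. Only the permissions named in the article are mapped here.
PERMISSION_LABELS = {
    "notifications": "Display notifications",
    "privacy": "Read and modify privacy settings",
}
ALL_SITES_LABEL = "Access your data for all websites"
# Host-permission spellings that all amount to "every website".
ALL_SITES_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not the real add-on's manifest), shaped to
# illustrate a permission set matching the article versus a benign one.
SAMPLE_MANIFESTS: Dict[str, dict] = {
    "Flash Player Update (constructed)": {
        "manifest_version": 2,
        "name": "Flash Player Update",
        "permissions": ["<all_urls>", "notifications", "privacy", "tabs", "storage"],
    },
    "Quick Notes (constructed)": {
        "manifest_version": 2,
        "name": "Quick Notes",
        "permissions": ["storage"],
    },
}


def prompt_labels(manifest: dict) -> List[str]:
    """Return the install-prompt wording each declared permission would produce."""
    declared = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    labels = set()
    for perm in declared:
        if perm in ALL_SITES_PATTERNS:
            labels.add(ALL_SITES_LABEL)
        elif perm in PERMISSION_LABELS:
            labels.add(PERMISSION_LABELS[perm])
    return sorted(labels)


def matches_profile(manifest: dict) -> bool:
    """True when the add-on requests every capability the article lists for Firefox."""
    expected = sorted([ALL_SITES_LABEL] + list(PERMISSION_LABELS.values()))
    return prompt_labels(manifest) == expected


def triage(manifests: Dict[str, dict]) -> Dict[str, List[str]]:
    """Keep only the add-ons whose permission set matches, with their prompt labels."""
    return {name: prompt_labels(m) for name, m in manifests.items() if matches_profile(m)}


def load_xpi_manifests(extensions_dir: Path) -> Dict[str, dict]:
    """Read manifest.json from every .xpi in a Firefox profile's extensions/ directory.

    Unreadable archives or archives without a manifest are skipped rather than
    aborting the scan, so one corrupt file does not hide the others.
    """
    found: Dict[str, dict] = {}
    for xpi in sorted(Path(extensions_dir).glob("*.xpi")):
        try:
            with zipfile.ZipFile(xpi) as zf:
                found[xpi.name] = json.loads(zf.read("manifest.json"))
        except (zipfile.BadZipFile, KeyError, json.JSONDecodeError):
            continue
    return found


if __name__ == "__main__":
    # Offline demonstration over the constructed manifests; point
    # load_xpi_manifests() at a real profile's extensions/ directory to scan it.
    for name, labels in triage(SAMPLE_MANIFESTS).items():
        print(f"REVIEW {name}: {', '.join(labels)}")
```

Matching on the exact set of labels keeps the check narrow; in practice you would pair it with the add-on ID and signature status from the profile's extensions.json, since a legitimate privacy add-on can legitimately request the same three permissions.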