Chinese hackers impersonated McAfee to attack election campaign staffers

Google also warned of a sharp spike in denial of service attacks.

Google warned in June that state-sponsored hackers were targeting 2020 US election campaigns, and now it’s outlining some of the methods those perpetrators used. APT31, a group linked to China, impersonated McAfee (the antivirus software, not its indicted founder) in a bid to trick campaign workers into installing malware. While the McAfee software was a real copy hosted on GitHub, the ploy would quietly install malware in the background.

If successful, the attack would let intruders run arbitrary commands as well as transfer files.

Researchers further linked China to a large-scale spam network trying to influence the US through YouTube videos (some from hijacked channels) with “clumsy” translations and computer-generated voices. Google said it had disrupted the network, including the removal of more than 3,000 channels, and that it didn’t have any practical reach. There haven’t been any “significant” coordinated influence campaigns on its platforms that targeted US voters, Google said.

The company also pointed to North Korean groups trying to compromise COVID-19 researchers and pharmaceutical firms in September through phishing and malware.

Brute force attacks also played a role, Google added. They’re less common from state-backed groups, but Google pointed to a distributed denial of service attack in 2017 that illustrated the dangers. The tech pioneer had to absorb an attack using a whopping 2.5Tbps of bandwidth spread across several Chinese internet providers. DDoS attacks need a “coordinated response” from the internet, and Google promised to report those efforts when it’s reasonably confident they have state-based origins.