Mark Your Calendar: APT41 Innovative Tactics

GTIG describes APT41’s ongoing malware campaigns that abused Google Workspace apps and free web-hosting platforms (Cloudflare Workers, InfinityFree, TryCloudflare) and URL shorteners to distribute TOUGHPROGRESS, VOLDEMORT, DUSTTRAP and other payloads; Google disrupted attacker-controlled Calendars and Workspace projects, added domains/URLs and file detections to Safe Browsing, and shared IOCs and traffic samples with affected organizations and partners.