The Chinese state-sponsored hacking group APT41, also known as HOODOO, has been found exploiting the Google Command and Control (GC2) red teaming tool in data theft attacks against a Taiwanese media company and an Italian job search firm. APT41 has been tracked by Mandiant since 2014 and is known to target industries in the US, Asia, and Europe. GC2 is an open-source project designed for red teaming activities, allowing agents to be deployed on compromised devices to receive commands from a Google Sheets URL. Google's Threat Analysis Group disrupted an APT41 phishing attack that attempted to distribute the GC2 agent via phishing emails. While the payloads used in these attacks are unknown, APT41 is known to use a variety of malware, including rootkits, bootkits, and backdoors. The group has also been indicted by the Department of Justice for conducting supply chain attacks, data theft, and breaches against countries worldwide. The use of legitimate red teaming tools and remote monitoring and management (RMM) platforms is a growing trend among threat actors.

‍