{"id":110339,"date":"2025-06-09T21:10:42","date_gmt":"2025-06-09T21:10:42","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=110339"},"modified":"2025-06-09T21:10:46","modified_gmt":"2025-06-09T21:10:46","slug":"apt41-hackers-using-google-calendar-for-malware","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/","title":{"rendered":"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities"},"content":{"rendered":"\n

A recent campaign by Chinese state-sponsored threat actor APT41 has unveiled a novel exploitation of Google Calendar for malware command-and-control (C2) operations, marking a significant escalation in cyberespionage tactics.<\/p>\n\n\n\n

The group, tracked under aliases including BARIUM and Brass Typhoon, targeted Taiwanese government entities through a multi-stage attack chain combining spearphishing, image-based payload delivery, and covert C2 via widely trusted cloud services.<\/p>\n\n\n\n

The campaign during forensic analysis<\/a> of a compromised government website, revealing a sophisticated workflow designed to evade traditional detection mechanisms.<\/p>\n\n\n\n

The attack begins with spearphishing emails distributing ZIP archives labeled “\u51fa\u5883\u6d77\u95dc\u7533\u5831\u6e05\u55ae.zip” (“Export Customs Declaration List.zip”).<\/p>\n\n\n\n

Resecurity researchers identified<\/a> that inside, the victims encounter a shortcut LNK file masquerading as a PDF (“\u7533\u5831\u7269\u54c1\u6e05\u55ae.pdf.lnk”) and an image folder containing seven files.<\/p>\n\n\n\n

While files 1\u20135 display legitimate arthropod specimens, 6.jpg and 7.jpg harbor encrypted malware components. When executed, the LNK file displays a decoy PDF about export regulations while silently deploying APT41’s ToughProgress malware suite.<\/p>\n\n\n

\n
\"\"
Encrypted malware components (Source – Resecurity)<\/figcaption><\/figure><\/div>\n\n\n

This three-module framework\u2014PLUSDROP, PLUSINJECT, and TOUGHPROGRESS\u2014combines memory-resident execution, process hollowing, and cloud-based C2 to maintain persistence<\/a>.<\/p>\n\n\n\n

Resecurity analysts noted the campaign’s innovation lies in its abuse of Google Calendar events for bidirectional communication. Unlike traditional C2 servers, this approach blends malicious traffic with legitimate Google Workspace API requests, complicating network-based detection.<\/p>\n\n\n

\n
\"\"
Rundll32.exe attempts to decrypt 6.jpg (Source – Resecurity)<\/figcaption><\/figure><\/div>\n\n\n

The Tactics, Techniques, and Procedures (TTPs) map to 14 distinct MITRE ATT&CK<\/a> entries, spanning initial access (T1566.001) to exfiltration (T1041).<\/p>\n\n\n\n

Covert C2 Infrastructure Through Google Calendar Event Manipulation<\/strong><\/h2>\n\n\n\n

The TOUGHPROGRESS module establishes persistence by creating Google Calendar events dated back to 2023, embedding AES-encrypted commands within event descriptions.<\/p>\n\n\n\n

The malware<\/a> periodically checks these events using OAuth2 tokens, mimicking legitimate calendar synchronization behavior.<\/p>\n\n\n\n

Commands are decrypted using a hardcoded key (0x7D in XOR operations) and executed via injected svchost.exe processes.<\/p>\n\n\n\n

\/\/ Sample decryption routine for calendar event data\nvoid decrypt_payload(char* encrypted_data, size_t len) {\n    const char KEY = 0x7D;\n    for (size_t i = 0; i < len; i++) {\n        encrypted_data[i] ^= KEY;\n    }\n}<\/code><\/pre>\n\n\n\n
Execution results are exfiltrated by creating new calendar events with BASE64-encoded output appended to seemingly benign descriptions.<\/p>\n\n\n\n
For instance, an event titled “Budget Meeting Q3” might contain exfiltrated registry data within its description field.<\/p>\n\n\n\n
This technique capitalizes on the trustworthiness of Google services\u201476% of enterprise firewalls whitelist *.google.com domains, enabling undisturbed data transit.<\/p>\n\n\n\n
The malware further obfuscates C2 patterns using dynamically generated Cloudflare<\/a> Workers subdomains (*.trycloudflare[.]com) as proxy relays.<\/p>\n\n\n\n
These domains resolve to Google Calendar API endpoints, creating a hybrid infrastructure that blends bulletproof hosting with legitimate cloud services.<\/p>\n\n\n\n
Key Indicators of Compromise (IOCs) include the malicious 6.jpg (SHA-256: 50124174a4ac0d65bf8b6fd66f538829d1589edc73aa7cf36502e57aa5513360) and 7.jpg files, which contain XOR-encrypted PE headers.<\/p>\n\n\n\n
Memory analysis reveals signature evasion techniques such as:-<\/p>\n\n\n\n
    \n
  1. API hashing<\/strong>: Critical functions like LdrLoadDll<\/code> are resolved via custom hash algorithms rather than direct imports<\/li>\n\n\n\n
  2. Section stomping<\/strong>: Malware overwrites .text sections of legitimate processes with malicious code<\/li>\n\n\n\n
  3. Shimcache manipulation<\/strong>: Timestamps of malicious files are spoofed to match system binaries<\/li>\n<\/ol>\n\n\n\n
    ; Example of API hashing for kernel32!CreateProcessA\nmov edi, 0x8F1D8844   ; Precomputed hash value\ncall resolve_api_by_hash\ntest eax, eax\njz error_handler<\/code><\/pre>\n\n\n\n
    Defenders should monitor for abnormal svchost.exe instances with open connections to *.googleapis.com\/calendar\/v3 and inspect calendar event metadata for BASE64 blobs.<\/p>\n\n\n\n
    Resecurity recommends implementing application allowlisting for rundll32.exe and constraining Google Workspace API permissions to mitigate similar campaigns.<\/p>\n\n\n\n
    This operation shows the APT41’s continued evolution in exploiting trust relationships between users, software, and cloud providers.<\/p>\n\n\n\n
    As geopolitical tensions heighten, such hybrid C2 mechanisms will likely proliferate among state-aligned threat actors seeking plausible deniability.<\/p>\n\n\n\n
    Speed up and enrich threat investigations with Threat Intelligence Lookup! ->\u00a050 trial search requests<\/strong><\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
    A recent campaign by Chinese state-sponsored threat actor APT41 has unveiled a novel exploitation of Google Calendar for malware command-and-control (C2) operations, marking a significant escalation in cyberespionage tactics. The group, tracked under aliases including BARIUM and Brass Typhoon, targeted Taiwanese government entities through a multi-stage attack chain combining spearphishing, image-based payload delivery, and covert […]<\/p>\n","protected":false},"author":6,"featured_media":110341,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-110339","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"\nAPT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities<\/title>\n<meta name=\"description\" content=\"APT41 used Google Calendar as covert C2 in a Taiwan cyberespionage campaign, blending spearphishing & image payloads to evade detection.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities\" \/>\n<meta property=\"og:description\" content=\"APT41 used Google Calendar as covert C2 in a Taiwan cyberespionage campaign, blending spearphishing & image payloads to evade detection.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-09T21:10:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-09T21:10:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities","description":"APT41 used Google Calendar as covert C2 in a Taiwan cyberespionage campaign, blending spearphishing & image payloads to evade detection.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/","og_locale":"en_US","og_type":"article","og_title":"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities","og_description":"APT41 used Google Calendar as covert C2 in a Taiwan cyberespionage campaign, blending spearphishing & image payloads to evade detection.","og_url":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-06-09T21:10:42+00:00","article_modified_time":"2025-06-09T21:10:46+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities","datePublished":"2025-06-09T21:10:42+00:00","dateModified":"2025-06-09T21:10:46+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/"},"wordCount":581,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/","url":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/","name":"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-06-09T21:10:42+00:00","dateModified":"2025-06-09T21:10:46+00:00","description":"APT41 used Google Calendar as covert C2 in a Taiwan cyberespionage campaign, blending spearphishing & image payloads to evade detection.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#primaryimage","url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/apt41-hackers-using-google-calendar-for-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"APT41 Hackers Using Google Calendar for Malware Command-and-Control To Attack Government Entities"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World's #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjrJJ0XzMDlpw55s_6a9z3bFkZWNPMF05nTmL9d5V5vAL6NRxFaFpbA7ltji56fgdHAanaewoTrY7Bs_s18uSZALo__fOlKF_Aw19M4vsgb00KdAxJz6ePx-H9A4tbYGJ7PAGKCVpg2v9kbhh7hlFqVEUmfDb78Ra7k6SEERJiKCAr5OC9R3mHEm-VCapo\/s16000\/APT41%20Hackers%20Using%20Google%20Calendar%20for%20Malware%20Command-and-Control%20To%20Attack%20Government%20Entities.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/110339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=110339"}],"version-history":[{"count":1,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/110339\/revisions"}],"predecessor-version":[{"id":110340,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/110339\/revisions\/110340"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/110341"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=110339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=110339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=110339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}