Chinese Hacker Group APT41 Uses Google Calendar to Spy with New Malware

Google said that a Chinese hacker group called APT41 used a new kind of bad software called TOUGHPROGRESS to spy on governments. This bad software uses Google Calendar in a smart way to send commands and steal information.

Here is how it works:

The hackers sent emails with a link to a fake file on a government website.

When someone clicked the file, it showed a fake document but secretly put bad software on the computer.

The bad software talks to the hackers by reading and writing events on a Google Calendar the hackers control.

It uses calendar events to send orders and steal data without anyone noticing.

The bad software hides itself well to avoid being caught, using tricks like secret codes and running only in the computer’s memory.

Google found this attack in late 2024 and quickly closed the bad Google Calendar and related accounts to stop the hackers. The companies and governments attacked were told about it.

APT41 is a well-known hacker group that has attacked many industries like shipping, media, and technology all over the world. This is not the first time they used Google’s tools to hide their attacks — before, they used Google Drive and Google Sheets for spying too.