Dangerous Calendar: A New Tool for Phishing Attacks
![Dangerous Calendar: A New Tool for Phishing Attacks]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/38-1-1-998x499.jpg","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/38-1-1-1996x998.jpg","tablet":"assets\/images\/cache\/assets\/images\/discovery\/38-1-1-1150x575.jpg","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/38-1-1-2298x1105.jpg","mobile":"assets\/images\/cache\/assets\/images\/discovery\/38-1-1-740x370.jpg","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/38-1-1-1478x739.jpg"})
Did you know that a regular calendar can be used as a tool in a hacker attack? Google researchers discovered that the Chinese hacker group APT41 (also known as HOODOO) used Google Calendar to deliver commands to infected devices.
In October 2024, Google’s Threat Intelligence Group (GTIG) uncovered a phishing campaign in which a compromised government website was spreading ZIP archives containing hidden files. These files launched the malware known as TOUGHPROGRESS, which, once installed, would read specially crafted events in Google Calendar. The event descriptions contained encrypted instructions - this is how the hackers controlled the attacks.
Together with experts from Mandiant FLARE, Google was able to decrypt the code and identify patterns in such events. After that:
- related Google Workspace projects were blocked,
- affected organizations were notified,
- and additional security measures were implemented.
APT41 has been active since 2012, primarily targeting the healthcare, telecommunications, and technology sectors. The group has carried out attacks in over 14 countries and has used dozens of different malicious tools.
This case shows that even everyday workplace tools, such as calendars, can
![Security breach warning and phishing events in Google]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/38-2-1-998x666.jpg","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/38-2-1-1976x1318.jpg","tablet":"assets\/images\/cache\/assets\/images\/discovery\/38-2-1-1050x700.jpg","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/38-2-1-2100x1400.jpg","mobile":"assets\/images\/cache\/assets\/images\/discovery\/38-2-1-740x494.jpg","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/38-2-1-1478x986.jpg"})
be used in cyberattacks. That’s why it’s crucial for companies to focus on:
- monitoring suspicious calendar activity,
- updating security systems,
- and educating employees on cybersecurity hygiene.
Cybersecurity is not optional - it’s a necessary condition for stable business operations.
![TOP 5 Largest Cryptocurrency Hacks in History]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/1-1-554x277.png","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/1-1-1106x553.png","tablet":"assets\/images\/cache\/assets\/images\/discovery\/1-1-380x190.png","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/1-1-758x379.png","mobile":"assets\/images\/cache\/assets\/images\/discovery\/1-1-560x280.png","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/1-1-1118x559.png"})
![Datami at the Barcelona Cybersecurity Congress 2025: New Horizons in Cybersecurity]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/10-1_1-16-9-554x277.jpg","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/10-1_1-16-9-1106x553.jpg","tablet":"assets\/images\/cache\/assets\/images\/discovery\/10-1_1-16-9-380x190.jpg","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/10-1_1-16-9-758x379.jpg","mobile":"assets\/images\/cache\/assets\/images\/discovery\/10-1_1-16-9-560x280.jpg","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/10-1_1-16-9-1118x559.jpg"})
![Top 10 Cyberattacks That Brought Global Corporations to a Halt]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/ds-6-1-1-554x277.png","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/ds-6-1-1-1106x553.png","tablet":"assets\/images\/cache\/assets\/images\/discovery\/ds-6-1-1-380x190.png","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/ds-6-1-1-758x379.png","mobile":"assets\/images\/cache\/assets\/images\/discovery\/ds-6-1-1-560x280.png","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/ds-6-1-1-1118x559.png"})
![Antivirus Is Not a Shield: Why You Can’t Do Without Pentesting]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/ds-16-1-554x277.png","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/ds-16-1-1106x553.png","tablet":"assets\/images\/cache\/assets\/images\/discovery\/ds-16-1-380x190.png","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/ds-16-1-758x379.png","mobile":"assets\/images\/cache\/assets\/images\/discovery\/ds-16-1-560x280.png","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/ds-16-1-1118x559.png"})
![Over 480,000 Catholic Health Patients Affected by Personal Data Breach]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/2-3-4-554x277.png","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/2-3-4-1106x553.png","tablet":"assets\/images\/cache\/assets\/images\/discovery\/2-3-4-380x190.png","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/2-3-4-758x379.png","mobile":"assets\/images\/cache\/assets\/images\/discovery\/2-3-4-560x280.png","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/2-3-4-1118x559.png"})
![Why Your Smartphone Is at Risk: 5 Common Myths About Mobile Security]({"desktop":"assets\/images\/cache\/assets\/images\/discovery\/5-2-16-9-554x277.png","desktop2x":"assets\/images\/cache\/assets\/images\/discovery\/5-2-16-9-1106x553.png","tablet":"assets\/images\/cache\/assets\/images\/discovery\/5-2-16-9-380x190.png","tablet2x":"assets\/images\/cache\/assets\/images\/discovery\/5-2-16-9-758x379.png","mobile":"assets\/images\/cache\/assets\/images\/discovery\/5-2-16-9-560x280.png","mobile2x":"assets\/images\/cache\/assets\/images\/discovery\/5-2-16-9-1118x559.png"})