Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- M&S warns shoppers are at risk from scammers after cyber attack
May 14, 2025
Marks & Spencer has warned shoppers to be on the lookout for scam calls and emails after hackers stole customer data from its systems. The retailer is this week writing to customers to alert them that personal data have been taken by cyber criminals, including partial credit card details, contact information, dates of birth and order ...
- Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
May 13, 2025
In July 2024, Trend Micro disclosed the TIDRONE campaign, in which threat actors targeted Taiwan’s military and satellite industries. During their investigation, Trend Micro researchers discovered that multiple compromised entities were using the same enterprise resource planning (ERP) software. This led the researchers to engage with the ERP vendor, through which they uncovered additional details that ...
- Horabot Unleashed: A Stealthy Phishing Threat
May 12, 2025
In April, FortiGuard Labs observed a threat actor using phishing emails with malicious HTML files to spread Horabot, malware that primarily targets Spanish-speaking users. It is known for using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email credentials, harvest contact lists, and install banking ...
- Mitel Releases Security Advisory for Mitel SIP Phones
May 12, 2025
Mitel has released security advisory addressing two vulnerabilities in Mitel SIP Phones including Mitel 6800 Series, 6900 Series, 6900w Series and 6970 Conference Unit. CVE-2025-47188 has a CVSSv3 base score of 9.8 and is a ‘command injection’ vulnerability that could allow an unauthenticated attacker to inject and execute arbitrary commands on the device. Exploitation could lead ...
- Marbled Dust leverages zero-day in Output Messenger for regional espionage
May 12, 2025
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft Threat ...
- Cisco Releases May 2025 IOS XE Software Security Advisory Bundled Publication
May 8, 2025
Cisco has released 20 security advisories that describe 26 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco IOS (internetwork operating system) is the operating system used on Networking devices. Cisco IOS XE is a modular version of that operating system, used on newer enterprise networking devices. Cisco has released software updates that ...