Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Apple notifies new victims of spyware attacks across the world
April 30, 2025
Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google ...
- The Co-op fights attempted hack as M&S cyber attack rages on
April 30, 2025
The Co-op has been forced to shut off parts of its IT systems after it was confronted with an attempted hack. The Manchester-headquartered group has confirmed some of its back office and call centre services have been impacted. However, it added that all its stores, including grocery and funeral homes are trading as usual. It comes ...
- Phishing Domains Associated with LabHost PhaaS Platform Users
April 29, 2025
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. Prior to being disabled by law enforcement in April 2024, LabHost was one of the world’s largest PhaaS providers, offering a range of illicit services for approximately ...
- Gremlin Stealer: New Stealer on Sale in Underground Forum
April 29, 2025
Unit 42 researchers have identified new information-stealing malware written in C#, called Gremlin Stealer. This stealer’s authors have actively advertised it on a Telegram group since mid-March 2025. This information-stealing malware exfiltrates data from its victims and uploads this information to its web server for publication. It can capture data from browsers, the clipboard and the ...
- Outlaw cybergang attacking targets worldwide
April 29, 2025
In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its operations. Previous research described Outlaw samples obtained from honeypots. In this ...
- Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
April 28, 2025
On Thursday, April 24, enterprise resource planning company SAP published a CVE (and a day later, an advisory behind login) for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in Visual Composer’s Metadata Uploader component that, when successfully exploited, allows unauthenticated ...