Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 2025 Ransomware: Business as Usual, Business is Booming
April 8, 2025
Getting an edge on your adversaries involves understanding their behaviors and their mindset. Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware. The data highlights ...
- Kellogg’s leaks sensitive data after Clop attack
April 8, 2025
WK Kellogg, the company behind the Kellogg’s cereals, has been hit by a major data breach. Cybercriminals from the ransomware group Clop exploited a vulnerability in the software of an external supplier, stealing employees’ personal data. The data breach took place in December 2024, when data was stolen from the file transfer service Cleo. At the ...
- Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches
April 8, 2025
It’s 2025, and the industry has built some of the most advanced cloud environments ever seen—automated deployments, real-time threat detection and infrastructure that scales with just a few lines of code. Yet, data breaches aren’t slowing down—why? Because a single misconfiguration—often as simple as an overly permissive IAM role or an exposed storage bucket—can wreck everything. ...
- How ToddyCat tried to hide behind AV software
April 7, 2025
To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. In early 2024, while investigating ToddyCat-related incidents, Kaspersky researchers detected a suspicious file named version.dll in the temp directory on multiple ...
- Massive Europcar data breach affects around 200,000 customers
April 7, 2025
Europcar has reportedly suffered a data breach in which it lost sensitive data on hundreds of thousands of customers. A threat actor with the alias ‘Europcar’ posted a new thread in an underground forum, claiming to have “successfully breached Europcar’s systems and obtained all their GitLab repositories”. As a result, the attacker took more than 9,000 ...
- Flaw in Verizon call record requests put millions of Americans at risk
April 4, 2025
Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. A vulnerability in the Verizon Call Filter iOS app allowed anyone to request the call logs of millions of ...