Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Scammers impersonating TSA pre-check to steal your money and information
December 10, 2024
A new warning as we head into the busy holiday travel season. It would be best to be on guard for fake TSA precheck websites. “We are seeing a disturbing trend of mimicking TSA-like sites,” says Karin Zilberstein with Guardio, a browser extension that identifies fake websites and other malware. She says Guardio has discovered ...
- Romanian energy supplier struck by ransomware attack
December 10, 2024
Romanian energy supplier Electrica Group has confirmed suffering a cyberattack in the latest incident to hit major institutions in the country. In a press announcement, the company said it was investigating an “ongoing cyberattack” together with the local law enforcement. The company did not detail the attack, its nature, goal, or the identity of the threat ...
- Encrypted messaging service intercepted, 2.3 million messages read by law enforcement
December 9, 2024
European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted ...
- Fake video conferencing apps are targeting Web3 workers to steal their data
December 9, 2024
Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry. Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS. In some examples observed by the researchers, the ...
- “Termite” ransomware group claims responsibility for the Blue Yonder attack
December 9, 2024
On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future attacks.” In a ...
- Massive New Jersey cybersecurity breach leads to thousands of stolen SSNs
December 7, 2024
The social security numbers, driver’s licenses, payroll, health and other personal details of Hoboken city workers were among the data stolen in a “massive” cybersecurity breach last month. According to a list of thousands of stolen files obtained by The Jersey Journal, every department in City Hall — ranging from payroll to construction, health, and animal ...