Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GenAI Is Powering the Latest Surge in Modern Email Threats
May 6, 2024
Generative artificial intelligence (GenAI) tools like ChatGPT have extensive business value. They can write content, clean up context, mimic writing styles and tone, and more. But what if bad actors abuse these capabilities to create highly convincing, targeted and automated phishing messages at scale? No need to wonder as it’s already happening. Not long after the ...
- Portland-based BerryDunn faces lawsuits over data breach affecting 1.1M people
May 6, 2024
A Maine accounting firm has been sued after a data breach exposed the personal information of more than a million people. BerryDunn, an accounting firm based out of Portland, is facing lawsuits from nine different people. The lawsuits claim that names and Social Security numbers of 1.1 million people were exposed in the breach involving one ...
- Germany recalls envoy to Russia over cyberattack
May 6, 2024
The German ambassador to Russia was recalled for consultations on Monday after Berlin accused Moscow of carrying out cyberattacks. A newly concluded government investigation found the cyberattack had been carried out by a group — linked to Moscow’s GRU military intelligence agency — known as APT28. The group, also known as Fancy Bear, has been accused ...
- Singapore law firm Shook Lin & Bok hit by cyber attack; allegedly paid ransom
May 5, 2024
Singapore law firm Shook Lin & Bok was hit by a ransomware attack in April, and the incident is now under investigation by the local authorities. In response to queries from The Straits Times, the firm said in a statement on May 2 that the incident was discovered on April 9, and it immediately engaged a ...
- U.K., U.S. and Canadian cyber authorities warn of pro-Russia hacktivist attacks on OT systems
May 3, 2024
The U.K.’s National Cyber Security Centre (NCSC) and other international cyber authorities, including the Federal Bureau of Investigation (FBI), have warned about pro-Russia hacktivist attacks targeting providers of operational technology. OT is hardware and software that interacts with the physical environment and includes smart water metres, automated irrigation systems, dam monitoring systems, smart grids and IoT ...
- Graph: Growing number of threats leveraging Microsoft API
May 2, 2024
An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for ...