Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Joomla! vulnerability is being actively exploited
January 12, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active ...
- Financial Fraud APK Campaign
January 12, 2024
During Unit 42 ivestigation discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting their radar. The research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud. To do this, the threat actor masquerades as a law enforcement ...
- Dallas says cyberattack targeted more people than previously disclosed
January 11, 2024
Hackers who targeted the city of Dallas had access to the addresses, Social Security numbers and other personal information of nearly 300 more people than what had been previously disclosed to the public, city officials now say. The city’s spokesperson confirmed on Wednesday that further internal investigations into the cyberattack determined an additional 293 people, including ...
- Medusa Ransomware Turning Your Files into Stone
January 11, 2024
Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclose sensitive data from victims unwilling to comply with their ransom demands. As ...
- Weaponizing Apache OFBiz CVE-2023-51467
January 11, 2024
On December 26, SonicWall disclosed an authentication bypass affecting Apache OFBiz. SonicWall demonstrated the vulnerability, assigned CVE-2023-51467, by accessing the protected HTTP endpoint /webtools/control/ping without authentication. While that proved the vulnerability existed, it did not demonstrate arbitrary code execution. However, CVE-2023-51467 can be used to execute arbitrary code. And even better, it can be used to ...
- Distributed Energy Generation Gateway (In)Security
January 11, 2024
Distributed energy generation (DEG) is a term used to describe the shift from centralized energy generation, such as power companies, to a source — typically a renewable energy source — closer to the user. It is most often seen in the form of solar panels on the rooftops of houses or office buildings, but DEG also ...