Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- More UK councils caught by Capita’s open AWS bucket blunder
May 22, 2023
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega breach. Colchester City Council was the first to step forward last week to claim that tech ...
- Cyber Signals: Shifting tactics fuel surge in business email compromise
May 19, 2023
Today Microsoft released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC). Microsoft has observed a 38 percent increase in cybercrime as a service (CaaS) targeting business email between 2019 and 2022. Successful BEC attacks cost organizations hundreds of millions of dollars annually. In 2022, the FBI’s Recovery ...
- Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range
May 19, 2023
Apple has issued a bushel of security updates and warned that three of the flaws it’s fixed are under active attack. The three are CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, all of which impact the WebKit browser engine that Apple champions and employs in its Safari browser – and demands be used by other browsers on iOS. Read more… Source: ...
- CloudWizard APT: the bad magic story goes on
May 19, 2023
In March 2023, Kaspersky researchers uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of Kaspersky report about CommonMagic, Kaspersky researchers have been looking for ...
- Man jailed for running multimillion-pound criminal website iSpoof
May 19, 2023
The man responsible for running a multimillion-pound fraud website, used by scammers to trick people into handing over their bank details, has been jailed. Tejay Fletcher, 35, pleaded guilty to running iSpoof, a website that allowed criminals and fraudsters to appear as if they were calling from banks, tax offices and other official bodies in an ...
- CISA Releases Five Industrial Control Systems Advisories
May 18, 2023
CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X SYS600 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Three Industrial Control Systems Advisories