Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign


Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.

The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The

Source: Google Threat Intelligence Group




Related:

  • Typhon info-stealing malware devs upgrade evasion capabilities

    April 5, 2023

    The developers of the Typhon info-stealer announced on a dark web forum that they have updated the malware to a major version they advertise as ‘Typhon Reborn V2’. They boast significant improvements designed to thwart analysis via anti-virtualization mechanisms. The original Typhon was discovered by malware analysts in August 2022. Cyble Research Labs analyzed it at the ...

  • UK criminal records office suffers two-month “cyber security incident”

    April 5, 2023

    The UK’s national office for managing criminal record information (ACRO) has confirmed it’s currently trying to recover from a two-month “cyber security incident”. Few details were revealed by the organisation and other authorities, other than that the attack took place between 17 January and 21 March 2023. Source: IT Pro

  • Mantis: New Tooling Used in Attacks Against Palestinian Targets

    April 4, 2023

    The Mantis cyber-espionage group (aka Arid Viper, Desert Falcon, APT-C-23), a threat actor believed to be operating out of the Palestinian territories, is continuing to mount attacks, deploying a refreshed toolset and going to great lengths to maintain a persistent presence on targeted networks. While the group is known for targeting organizations in the Middle East, ...

  • New Rorschach ransomware is the fastest encryptor seen so far

    April 4, 2023

    Following a cyberattack on a U.S.-based company, malware researchers discovered what appears to be a new ransomware strain with “technically unique features,” which they named Rorschach. Among the capabilities observed is the encryption speed, which, according to tests from the researchers, would make Rorschach the fastest ransomware threat today. Source: Bleeping Computer

  • Uber driver info stolen yet again: This time from law firm

    April 4, 2023

    Uber has had more of its internal data stolen from a third party that suffered a security breach. This time, the personal info of the app’s drivers was swiped by miscreants from the IT systems of law firm Genova Burns. In a letter to affected drivers, the lawyers said they had looked into the intrusion, and ...

  • Western Digital suffers cyber attack, shuts down systems

    April 3, 2023

    The company said on 3 April that it identified a network security incident on 26 March. It confirmed that an unauthorised third party gained access to a number of the company’s systems. After realising it had been breached, Western Digital enacted its incident response protocols and hired external security and forensic experts. Source: IT Pro