Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat landscape for industrial automation systems for H2 2022
March 6, 2023
In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. This was higher than the percentages for 2021 and even 2020. Read more… Source: Kaspersky
- DoppelPaymer ransomware suspects cuffed, alleged ringleaders escape
March 6, 2023
German and Ukrainian cops have arrested suspected members of the DoppelPaymer ransomware crew and issued warrants for three other “masterminds” behind the global operation that extorted tens of millions of dollars and may have led to the death of a hospital patient. The criminal gang, also known as Indrik Spider, Double Spider and Grief, used double-extortion ...
- Spike in LokiBot Activity During Final Week of 2022
March 3, 2023
Unit 42 researchers have uncovered a malware distribution campaign that is delivering the LokiBot information stealer via business email compromise (BEC) phishing emails. This malware is designed to steal sensitive information from victims’ systems, such as passwords and banking information, as well as other sensitive data. In this blog, Unit 42 researchers will explain how attackers used ...
- Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer
March 2, 2023
Recently, Trend Micro researchers noticed a spike in the number of emails received by one of our customers. After further investigation, they found that three other customers in the hospitality industry were also affected. The researchers observed that most of the emails had subject lines that attempt to catch victims’ attention: “help,” “requesting for assistance,” ...
- Subdomain Reputation: Detecting Malicious Subdomains of Public Apex Domains
March 2, 2023
Cybercriminals regularly leverage popular dynamic domain name system (DDNS) or web hosting services to store and distribute their content. Threat actors leverage these for command and control (C2), malware distribution and phishing. This abuse has created the need for new detection methods for malicious subdomains. DDNS and web hosting services often allow people to serve content ...
- Leveraging data science to minimize the blast radius of ransomware attacks
March 2, 2023
As ransomware groups continue to build on their arsenal of tactics, techniques, and procedures (TTPs), it’s essential for cybersecurity professionals to assess the levels of risk to their organizations using multiple sources of information for a comprehensive outlook on this ever-evolving threat. Common Vulnerabilities and Exposures (CVE) data, for example, can guide defenders in determining ...