Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
March 1, 2023
Iron Tiger is an advanced persistent threat (APT) group that has been focused primarily on cyberespionage for more than a decade. In 2022, we noticed that they updated SysUpdate, one of their custom malware families, to include new features and add malware infection support for the Linux platform. We found the oldest sample of this updated ...
- “Major” cyberattack compromised sensitive U.S. Marshals Service data
February 28, 2023
The U.S. Marshals Service is investigating a major ransomware attack that has compromised some of its most sensitive information, including law enforcement materials, and the personal information of employees and potential targets of federal investigations. The cyberattack was considered a “major incident” by officials, impacting a “stand-alone” system (meaning it is not connected to a larger ...
- SCARLETEEL hackers use advanced cloud skills to steal source code, data
February 28, 2023
An advanced hacking operation dubbed ‘SCARLETEEL’ targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. SCARLETEEL was discovered by cybersecurity intelligence firm Sysdig while responding to an incident in one of their customers’ cloud environments. Read more… Source: Bleeping Computer
- RIG Exploit Kit still infects enterprise users via Internet Explorer
February 27, 2023
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service’s long operational history. By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. Read more… Source: Bleeping Computer
- A Deep Dive into the Evolution of Ransomware Part 3
February 27, 2023
Ransomware is an ever-growing problem that has wreaked havoc across a multitude of industries, with astronomical ransom demands leaving businesses and infrastructure feeling powerless. From major hospitals to enterprises – no sector was immune from the impact of ransomware’s widespread infiltration in recent years. Trend Micro researchers discussed what triggers threat actors from changing their business ...
- LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
February 27, 2023
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data from the Amazon AWS cloud storage servers for over two months. LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. Read more… Source: Bleeping Computer