Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Using Python to unearth a goldmine of threat intelligence from leaked chat logs
June 1, 2022
Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. It aims to help threat analysts acquire, enrich, ...
- FBI: Karakurt Data Extortion Group
June 1, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have employed a ...
- Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
May 31, 2022
Trend Micro researchers observed vulnerability CVE-2022-29464 being exploited in the wild since April, allowing unrestricted file uploads resulting to arbitrary remote code execution (RCE). Disclosed and patched in April, the security gap was ranked Critical at 9.8 and affects a number of WSO2 products. It requires no user interaction and administrative privileges for abuse, and ...
- Italy warns organizations to brace for incoming DDoS attacks
May 30, 2022
Italy’s Computer Security Incident Response Team (CSIRT) has issued an urgent alert to raise awareness about the high risk of cyberattacks against national entities on Monday. The type of cyberattack the Italian organization refers to is DDoS (distributed denial-of-service), which may not be catastrophic but can still cause damage, financial or otherwise, due to service outages ...
- Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled
May 30, 2022
Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software. Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve a HTML file which in turn makes use of ...
- Australian digital driving licenses can be defaced in minutes
May 30, 2022
An Australian digital driver’s license (DDL) implementation that officials claimed is more secure than a physical license has been shown to easily defaced, but authorities insist the credential remains secure. New South Wales, Australia’s most populous state, launched its DDL program in 2019, and as of 2021 officials there said that slightly more than half of ...