Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Data breach exposes 400,000 bank customers’ information
December 20, 2025
A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data. At least 400,000 people are confirmed to be affected so far across multiple states. ...
- U.S. DOJ: Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware
December 19, 2025
Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks. Stryzhak, a Ukrainian citizen, was arrested in Spain in June 2024 and extradited to the United States on April 30, ...
- Cisco email security products actively targeted in zero-day campaign
December 19, 2025
A China-affiliated threat actor has been abusing a zero-day vulnerability in multiple Cisco email appliances to gain access to the underlying system and establish persistence. Cisco confirmed the news in a blog post and a security advisory, urging users to apply provided recommendations and harden their networks. In its announcement, Cisco said it first spotted the ...
- Thailand says Cambodia border fight is also a war on scammers
December 19, 2025
Thailand’s army has recast its deadly clash with Cambodia as a battle against cybercriminals, adding a new motive for bombing runs across the border that it says are aimed at rooting out scammers. Calling the strikes a “war against the scam army,” a military division involved in the border fight said this week it’s on the ...
- Cloud Atlas activity in the first half of 2025: what changed
December 19, 2025
Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. In this report, Kaspersky researchers describe the infection chain and tools that the ...
- CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
December 19, 2025
On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on versions of HPE OneView before 11.0. Defenders are advised to prioritize upgrading to version 11.0 ...