Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Venezuela’s PDVSA suffers cyberattack
December 15, 2025
Venezuela’s state-run oil company PDVSA has been subject to a cyberattack, it said on Monday, adding its operations were unaffected, even though four sources said systems remained down and oil cargo deliveries were suspended. PDVSA and the oil ministry blamed the U.S. for the cyberattack on Monday, saying it was carried out by “foreign interests in ...
- Amazon security boss blames Russia’s GRU for years-long energy-sector hacks
December 15, 2025
Russia’s Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin’s snoops persistent access to sensitive networks, according to Amazon’s security boss. “The campaign demonstrates sustained focus on Western critical infrastructure, particularly the energy sector, with operations spanning ...
- SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums
December 15, 2025
Rapid7 Labs has identified a new malware-as-a-service information stealer being actively promoted through Telegram channels and on underground hacker forums. The stealer is advertised under the name “SantaStealer” and is planned to be released before the end of 2025. Open source intelligence suggests that it recently underwent a rebranding from the name “BluelineStealer.” The malware collects ...
- PayPal closes loophole that let scammers send real emails with fake purchase notices
December 15, 2025
After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate [email protected] email address. Following reports from people who received emails claiming an automatic payment had been cancelled, BleepingComputer found that cybercriminals were abusing a PayPal feature that allows merchants to pause a customer’s subscription. Read more… Source: Malwarebytes Labs Sign up ...
- French government hit by cyberattack
December 15, 2025
The French Interior Ministry has confirmed recently suffering a cyberattack, but the consequences are still being determined. The French Minister of Interior said the attack took place at night, between December 11 and December 12. Email servers were compromised, allowing threat actors to access some document files. However, it is currently unclear if they managed to ...
- LastPass 2022 Data Breach — 1.6 Million Users Exposed By Security Failure
December 14, 2025
Any data breach affecting 1.6 million people is big news, especially when it involves one of the most prominent password managers out there: LastPass. The U.K. Information Commissioner’s Office has just fined LastPass £1.2 million ($1.6 million) for failing to “implement sufficiently robust technical and security measures, which ultimately enabled a hacker to gain unauthorised access ...