Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- German Government Summons Russian Ambassador Over Major Cyberattack
December 12, 2025
The German government has formally summoned the Russian ambassador following the attribution of a significant cyberattack and coordinated disinformation campaign to Russian actors. This development comes amid heightened concerns regarding interference in Germany’s political processes and critical infrastructure. According to official statements, the cyberattack in question targeted the German Air Traffic Control (Deutsche Flugsicherung, DFS) in ...
- Lazarus, Kimsuky Conduct 58 Attacks Targeting South Korea
December 12, 2025
The North Korean hacking group Lazarus, affiliated with the Reconnaissance General Bureau, is strongly suspected to be behind a 4.45 billion Korean won hacking incident at the virtual asset exchange Upbit. It has been confirmed that Lazarus carried out at least 31 hacking attacks over the past year. According to AhnLab’s “2025 Cyber Threat Trends & ...
- Google and Apple roll out emergency security updates after zero-day attacks
December 12, 2025
Apple and Google have released several software updates to protect against a hacking campaign targeting an unknown number of their users. On Wednesday, Google released patches for a handful of security bugs in its Chrome browser, noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. ...
- Data breach at credit check giant 700Credit affects at least 5.6 million
December 12, 2025
At least 5.6 million people had their names, addresses, dates of birth, and Social Security numbers stolen in a data breach at 700Credit, a company that runs credit checks and identity verification services for auto dealerships across the United States. In a statement on its website, the Michigan-based company blamed the October data breach on an ...
- NANOREMOTE, cousin of FINALDRAFT
December 11, 2025
In October 2025, Elastic Security Labs discovered a newly-observed Windows backdoor in telemetry. The fully-featured backdoor Elastic Security Lab call NANOREMOTE shares characteristics with malware described in REF7707 and is similar to the FINALDRAFT implant. One of the malware’s primary features is centered around shipping data back and forth from the victim endpoint using the Google ...
- SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
December 11, 2025
In October and November 2025, campaigns targeting sectors such as energy, defence, pharmaceuticals, and cybersecurity shared characteristics with older campaigns attributed to Void Rabisuopen on a new tab (also known as ROMCOM, Tropical Scorpius, Storm-0978). Void Rabisu is known to be associated with an actor group that has both financial and espionage motivations that are ...