Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SOVA, Worryingly Sophisticated Android Trojan, Takes Flight
September 10, 2021
A new Android banking trojan named SOVA (“owl” in Russian) is under active development, researchers said, and it has big dreams even in its infancy stage. The malware is looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, ...
- Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
September 9, 2021
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger. It should be noted that by default, Office documents downloaded from the internet are opened either ...
- Hackers leak passwords for 500,000 Fortinet VPN accounts
September 8, 2021
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN ...
- AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle
September 8, 2021
AT&T’s Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems – and which is turning target devices into cryptocurrency miners. Described by Alien Labs researcher Ofer Caspi as “one of the most active threat groups since 2020,” TeamTNT is known ...
- Russia’s Yandex suffers biggest cyberattack yet
September 8, 2021
Russian Internet corporation Yandex revealed on Tuesday that the company’s servers experienced the biggest known denial-of-service (DDoS) attack in Russia’s online space last weekend. Cloudflare, an American web infrastructure firm and a partner of Yandex confirmed the record large scale of the cyberattack. The spokesperson for Russia’s tech giant mentioned that a part of the nation’s ...
- Ragnar Locker Gang Warns Victims Not to Call the FBI
September 7, 2021
All that the FBI/ransomware negotiators/investigators do is muck things up, so we’re going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site. In an announcement posted this week and seen by Bleeping Computer, the ransomware operators threatened to publish all the data of victimized organizations ...