Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ransomware gangs now have industrial targets in their sights
February 2, 2021
Ransomware attacks are a potential danger for any organisation, with ransomware variants including Conti, Egregor, Maze and many others still successfully compromising victims across all industries – but there are some industries that criminal gangs are targeting more than others. The ransomware attacks are successful because many organisations can’t afford for their network to be out ...
- Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection
February 2, 2021
Agent Tesla malware variants are now using new techniques to try and eradicate endpoint antivirus security. On Tuesday, Sophos researchers said that two new variants of the Remote Access Trojan (RAT) are targeting Microsoft Anti-Malware Software Interface (AMSI), scanning and analysis software designed to prevent malware infections from taking hold. Agent Tesla operators will now attempt to ...
- Minnesota: Netgain ransomware incident impacts local governments
February 2, 2021
The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. The government of Ramsey County learned about the potential breach on December 2, 2020, when Netagin ...
- Trickbot malware now maps victims’ networks using Masscan
February 2, 2021
The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim’s computer. This new module, dubbed masrv, uses the open-source masscan tool, a mass port scanner with its own TCP/IP stack and capable of scanning large swaths of the Internet in a matter of minutes. Trickbot uses the ...
- Finding and Decoding Multi-Step Obfuscated Malware
February 2, 2021
Recently, in the process of a threat investigation, Trend Micro researchers found an interesting event. A process (nslookup.exe) that tried to connect to a malicious URL that was already blocked by trend Micro solutions. We could have stopped at this point, but searching for the root cause is part of managed detection and response (MDR) — ...
- This Linux malware is hijacking supercomputers across the globe
February 2, 2021
A small but complex malware variant is targeting supercomputers worldwide. Reverse engineered by ESET and described in a blog post on Tuesday, the malware has been traced back to attacks against supercomputers used by a large Asian Internet Service Provider (ISP), a US endpoint security vendor, and a number of privately-held servers, among other targets. The cybersecurity ...