Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hacker groups chain VPN and Windows bugs to attack US government networks
October 12, 2020
Hackers have gained access to government networks by combining VPN and Windows bugs, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint security alert published on Friday. Attacks have targeted federal and state, local, tribal, and territorial (SLTT) government networks. Attacks against non-government networks have also been ...
- Metasploit Shellcodes Attack Exposed Docker APIs
October 12, 2020
We have discussed the importance of keeping Docker APIs secure in previous articles, as leaving them exposed can give cybercriminals unfettered access to the host with root privileges. This access can lead to distributed denial of service (DDoS) attacks, remote code execution (RCE), and unauthorized cryptocurrency mining activity. We recently observed an interesting payload deployment using ...
- The most common malicious email attachments infecting Windows
October 11, 2020
To stay safe online, everyone needs to recognize malicious attachments that are commonly used in phishing emails to distribute malware. When distributing malware, threat actors create spam campaigns that pretend to be invoices, invites, payment information, shipping information, eFaxes, voicemails, and more. Included in these emails are malicious Word and Excel attachments, or links to them, ...
- Wormable Apple iCloud Bug Allows Automatic Photo Theft
October 9, 2020
A group of ethical hackers cracked open Apple’s infrastructure and systems and, over the course of three months, discovered 55 vulnerabilities, a number of which would have given attackers complete control over customer and employee applications. Of note, a critical, wormable iCloud account takeover bug would allow attackers to automatically steal all of a victim’s documents, ...
- Fitbit Spyware Steals Personal Data via Watch Face
October 9, 2020
A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server. Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data. “Essentially, ...
- ZeroLogon: Ransomware gang now using critical Windows flaw in attacks
October 9, 2020
Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September. This time, the threat actor is TA505, an adversary who is indiscriminate about the victims it attacks, with ...