Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Spam and phishing in Q1 2020
May 26, 2020
Burning Man is one of the most eagerly awaited events among fans of spectacular performance and installation art. The main obstacle to attending is the price of admission: a standard ticket will set you back $475, the number is limited, and the buying process is a challenge all by itself (there are several stages, registration ...
- Forward-looking security analysis of smart factories [Part 2] Security risks of industrial application stores
May 26, 2020
On May 11, 2020, Trend Micro released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of 5 columns, based on the results of this research, we will look at the security risks to be aware of when promoting smart factories by examining overlooked attack ...
- Factory Security Problems from an IT Perspective (Part 2): People, processes, and technology
May 26, 2020
This article is the second in a series that discusses the challenges that IT departments face when they are assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges. Before beginning to consider countermeasures, in the first article we explained the source of the challenges while focusing on the differences ...
- Turla APT Revamps One of Its Go-To Spy Tools
May 26, 2020
The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. “It is a ...
- Europol, Capgemini team up in cybercrime prevention, awareness campaigns
May 26, 2020
Europol and Capgemini have agreed to pool their resources in new cybersecurity awareness campaigns and the expansion of existing collaboration on threat intelligence. On Tuesday, Europol’s European Cybercrime Centre (EC3) said a Memorandum of Understanding (MoU) has been signed with the consultancy giant that is expected to lead to new “joint exercises, capacity building, and prevention campaigns.” Europol and ...
- Qakbot Resurges, Spreads through VBS Files
May 25, 2020
Through managed detection and response (MDR), we found that a lot of threats come from inbound emails. These messages usually contain phishing links, malicious attachments, or instructions. However, in our daily investigation of email metadata, we often detect threats not just in inbound emails, but even in the users’ own sent items folder. This involves ...