Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed. The
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Apple Mac malware detections overtake Windows for the first time
February 11, 2020
Cyber threats aimed at Macs have outpaced those targeted at Windows PCs for the first time, signalling that Apple’s computers are not as secure as they once might have been. For some time, it was a commonly held belief that Apple Mac computers, such as the iMac, were pretty much immune to malware. This was largely due to the ...
- How Chinese Cybercriminals Use Business Playbook to Revamp Underground
February 10, 2020
Because of its longevity and technical sophistication, the Russian cybercriminal underground has long been the benchmark for threat researchers focused on studying cybercrime tactics and techniques; there is a plethora of publications dedicated to analyzing its economy and hacking forums. However, only a handful of studies have centered on the emerging threats and trends from ...
- KBOT: sometimes they come back
February 10, 2020
Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, ...
- Introducing Loda Malware
February 10, 2020
Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name ‘Loda’ is derived from a directory to which the malware author chose to write keylogger logs (Figure 14). It should be noted that some ...
- Leaked Code from Docker Registries
February 7, 2020
The Unit 42 Cloud Threat Report: Spring 2020 focused on the practices of DevOps to determine where misconfigurations are happening in the cloud. Our research found a large number of DevOps services (e.g., SSH, Database, Code Repository) inadvertently exposed to the internet due to misconfigured infrastructure. This blog offers a detailed analysis of leaked code from Docker ...
- Happy New Fear! Gift-wrapped spam and phishing
February 7, 2020
In the run-up to Christmas and New Year, scam е-mails mentioning easy pickings, lottery winnings, and other cash surprises are especially popular. All the more so given how simple it is to adapt existing schemes simply by mentioning the holiday in the subject line. For example, one scam е-mail with the subject line “Xsmas gift” or ...