Google Disrupts Chinese APT UNC2814’s GRIDTIDE Backdoor Campaign Targeting 42 Countries

Google Threat Intelligence Group (GTIG) has disrupted a massive global cyber espionage campaign targeting telecommunications and government organizations across 42 countries. The threat actor, tracked as UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has monitored since 2017. The attacker deployed a novel backdoor called GRIDTIDE that abuses Google…

Google and Mandiant Disrupt GRIDTIDE: Chinese APT Espionage Campaign Compromises 53 Victims in 42 Countries

Google Threat Intelligence Group (GTIG) and Mandiant have executed a coordinated takedown of one of the most expansive cyber espionage campaigns in recent memory. The operation targeted UNC2814, a suspected People’s Republic of China (PRC)-nexus threat actor that has operated globally since 2017, compromising telecommunications and government organizations across four continents.

Scale of the Compromise…

UAT-9244: China-Nexus APT Deploys Three New Malware Implants Against South American Telecom Providers

Cisco Talos has disclosed a new threat activity cluster, UAT-9244, assessed with high confidence to be a China-nexus advanced persistent threat (APT) actor closely associated with FamousSparrow and Tropic Trooper. Since 2024, the group has targeted critical telecommunications infrastructure in South America with three distinct malware implants.

Key Findings

TernDoor: A new Windows backdoor variant…

Silver Dragon APT Targets Southeast Asia and Europe Using GearDoor Backdoor with Google Drive C2

Check Point Research has unveiled a sophisticated Chinese APT campaign dubbed Silver Dragon that has been actively targeting government entities and organizations across Southeast Asia and Europe since mid-2024. The threat actor operates within the umbrella of Chinese-nexus APT41 and employs multiple infection chains to deliver custom backdoors designed for covert data exfiltration.

Campaign Overview…

Google Disrupts UNC2814 GRIDTIDE Campaign: Chinese APT Breaches 53 Organizations Across 42 Countries

Google has disclosed details of a massive disruption operation against UNC2814, a suspected China-nexus cyber espionage group that breached at least 53 organizations across 42 countries. The campaign, tracked as GRIDTIDE, represents one of the most far-reaching espionage operations uncovered in recent years.

The Scope of the Intrusion

According to Google Threat Intelligence Group (GTIG)…

OpenAI Confirms ChatGPT Exploited by Chinese and Russian Threat Actors for Cyberattacks

OpenAI has confirmed that Chinese and Russian state-affiliated threat actors have been exploiting ChatGPT to support malicious cyber and influence operations, marking one of the first documented cases of adversaries weaponizing generative AI for tactical offensive cyber activities.

Chinese APT Groups Leverage ChatGPT for Cyber Operations

According to OpenAI’s investigation, Chinese threat actors associated with…

Chinese APT Campaign Delivers PlugX RAT via G DATA Antivirus DLL Side-Loading

A sophisticated Chinese-aligned threat campaign has been observed delivering the PlugX Remote Access Trojan (RAT) through a clever abuse of legitimate G DATA antivirus components, according to new research from LAB52.

The Attack Chain

The infection begins with a spear-phishing email titled “Meeting Invitation” containing two links — one redirecting to Iceland’s Ministry of Foreign…

APT31’s Multi-Year Cyber Espionage Campaign Against Czech Ministry of Foreign Affairs

The Czech Republic has publicly attributed a sophisticated multi-year cyber intrusion to Chinese state-sponsored group APT31 (also known as Zirconium or Judgment Panda), marking one of the most significant national attribution cases in European cyber defense history.

The Campaign

From 2022 through May 2025, APT31 maintained persistent access to unclassified networks at the Czech Ministry…

Chinese APT UnsolicitedBooker Deploys LuciDoor and MarsSnake Backdoors Against Central Asian Telecoms

A China-aligned threat actor known as UnsolicitedBooker has expanded its targeting to telecommunications companies in Kyrgyzstan and Tajikistan, deploying two sophisticated backdoors—LuciDoor and MarsSnake—in a series of espionage campaigns documented by Positive Technologies researchers.

Campaign Overview

UnsolicitedBooker, first documented by ESET in May 2025 after targeting Saudi Arabian organizations, has been active since at least…

Unit 42 Exposes Active Exploitation of BeyondTrust CVE-2026-1731 with VShell and SparkRAT Backdoors

Palo Alto Networks’ Unit 42 has uncovered an active exploitation campaign targeting BeyondTrust Remote Support and Privileged Remote Access appliances through CVE-2026-1731, a critical pre-authentication remote code execution vulnerability with a CVSS score of 9.9. The attacks have deployed sophisticated backdoors including VShell and SparkRAT across organizations in financial services, healthcare, legal, and high-tech sectors…