CL-STA-1087: Chinese APT Targets Southeast Asian Militaries with AppleChris and MemFun Backdoors

Unit 42 researchers have uncovered a sophisticated Chinese espionage campaign, designated CL-STA-1087, that has been systematically targeting military organizations across Southeast Asia since at least 2020. The state-sponsored operation demonstrates exceptional operational patience and deploys previously undocumented malware tools designed for long-term intelligence collection against regional defense forces.

Executive Summary

The investigation reveals a methodical…

Operation TrueChaos: Chinese APT Exploits TrueConf Zero-Day CVE-2026-3502 to Target Southeast Asian Governments

A zero-day vulnerability in the TrueConf video conferencing platform is being actively exploited in a sophisticated espionage campaign targeting government entities across Southeast Asia. Check Point Research has uncovered Operation TrueChaos, a targeted attack campaign weaponizing CVE-2026-3502 (CVSS 7.8, High severity) to compromise dozens of government agencies through a single compromised TrueConf server. The campaign deploys…

Chinese APT Red Menshen Plants Stealthy BPFdoor Backdoors in Global Telecom Networks

A months-long investigation by Rapid7 Labs has exposed a sophisticated state-sponsored espionage campaign by the China-nexus threat actor Red Menshen, which has embedded some of the most covert digital sleeper cells ever documented inside global telecommunications infrastructure.

Why It Matters

Telecommunications networks carry government communications, authenticate subscriber identities, coordinate critical industries, and process signaling flows…

Red Menshen Plants BPFdoor Backdoors in Global Telecom Networks for Long-Term Espionage

A comprehensive investigation by Rapid7 Labs has exposed a sophisticated, state-sponsored espionage campaign by the China-nexus threat actor Red Menshen, revealing one of the most covert digital sleeper cell operations ever documented within global telecommunications infrastructure. The campaign represents a deliberate shift from opportunistic hacking to long-term pre-positioning within the very backbone networks that underpin…

Google Disrupts Chinese APT UNC2814’s GRIDTIDE Backdoor Campaign Targeting 42 Countries

Google Threat Intelligence Group (GTIG) has disrupted a massive global cyber espionage campaign targeting telecommunications and government organizations across 42 countries. The threat actor, tracked as UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has monitored since 2017. The attacker deployed a novel backdoor called GRIDTIDE that abuses Google…

Google and Mandiant Disrupt GRIDTIDE: Chinese APT Espionage Campaign Compromises 53 Victims in 42 Countries

Google Threat Intelligence Group (GTIG) and Mandiant have executed a coordinated takedown of one of the most expansive cyber espionage campaigns in recent memory. The operation targeted UNC2814, a suspected People’s Republic of China (PRC)-nexus threat actor that has operated globally since 2017, compromising telecommunications and government organizations across four continents.

Scale of the Compromise

…

UAT-9244: China-Nexus APT Deploys Three New Malware Implants Against South American Telecom Providers

Cisco Talos has disclosed a new threat activity cluster, UAT-9244, assessed with high confidence to be a China-nexus advanced persistent threat (APT) actor closely associated with FamousSparrow and Tropic Trooper. Since 2024, the group has targeted critical telecommunications infrastructure in South America with three distinct malware implants.

Key Findings

TernDoor: A new Windows backdoor variant…

Silver Dragon APT Targets Southeast Asia and Europe Using GearDoor Backdoor with Google Drive C2

Check Point Research has unveiled a sophisticated Chinese APT campaign dubbed Silver Dragon that has been actively targeting government entities and organizations across Southeast Asia and Europe since mid-2024. The threat actor operates under the umbrella of the China-nexus group APT41 and employs multiple infection chains to deliver custom backdoors designed for covert data exfiltration.

Campaign Overview

…

Google Disrupts UNC2814 GRIDTIDE Campaign: Chinese APT Breaches 53 Organizations Across 42 Countries

Google has disclosed details of a massive disruption operation against UNC2814, a suspected China-nexus cyber espionage group that breached at least 53 organizations across 42 countries. The campaign, tracked as GRIDTIDE, represents one of the most far-reaching espionage operations uncovered in recent years.

The Scope of the Intrusion

According to Google Threat Intelligence Group (GTIG)…

OpenAI Confirms ChatGPT Exploited by Chinese and Russian Threat Actors for Cyberattacks

OpenAI has confirmed that Chinese and Russian state-affiliated threat actors have been exploiting ChatGPT to support malicious cyber and influence operations, marking one of the first documented cases of adversaries weaponizing generative AI for tactical offensive cyber activities.

Chinese APT Groups Leverage ChatGPT for Cyber Operations

According to OpenAI’s investigation, Chinese threat actors associated with…