Google and friends disrupt suspected Beijing espionage op

"As of Feb. 18, GTIG's investigation confirmed that UNC2814 has impacted 53 victims in 42 countries across four continents, and identified suspected infections in at least 20 more countries. They also noted that UNC2814 has no observed overlap with Salt Typhoon, another Beijing-backed group that hacked America's major telecommunications firms and stole information belonging to nearly every American beginning as far back as 2019."
"We don't have visibility into the specific targeting, but previous PRC-nexus espionage intrusions against telecoms have targeted individuals and organizations for surveillance efforts, particularly dissidents and activists, as well as traditional espionage targets. The kind of access UNC2814 achieved during this campaign would likely enable this kind of operation."
"Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own spreadsheet tools as part of its exploits. They terminated all Google Cloud Projects that had been controlled by UNC2814, disabled all known UNC2814 infrastructure and accounts, and revoked access to the Google Sheets API calls used by the Chinese snoops for command-and-control purposes."
Google's Threat Intelligence Group (GTIG) identified and disrupted UNC2814, a Chinese government-linked threat actor conducting intrusions against telecommunications and government organizations globally. The group used Google Cloud infrastructure and the Google Sheets API for command-and-control communications. As of February 18, UNC2814 had impacted 53 confirmed victims across 42 countries on four continents, with suspected infections in at least 20 additional countries. Google terminated all Cloud Projects controlled by the group, disabled known infrastructure and accounts, and revoked API access. The group historically gains initial access through web server and edge system exploitation. UNC2814 has no observed overlap with Salt Typhoon, another Chinese-backed group that targeted U.S. telecommunications firms. Previous PRC-nexus espionage campaigns targeting telecoms focused on surveillance of dissidents and activists, as well as traditional espionage targets.
Read at Theregister