Security News

Google: Chinese state hackers target Ukraine’s government
2022-03-18 13:58

Google's Threat Analysis Group says the Chinese People's Liberation Army and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.

Google exposes tactics of a Conti ransomware access broker
2022-03-17 20:30

Google's Threat Analysis Group has exposed the operations of a threat actor group dubbed "EXOTIC LILY," an initial access broker linked to the Conti and Diavol ransomware operations. It was determined that "EXOTIC LILY" is an initial access broker that uses large-scale phishing campaigns to breach targeted corporate networks and then sells access to those networks to ransomware gangs.

Android trojan persists on the Google Play Store since January
2022-03-15 19:55

Security researchers tracking the mobile app ecosystem have noticed a recent spike in trojan infiltration on the Google Play Store, with one of the apps having over 500,000 installs and available to download. Most of these apps belong to a family of trojan malware used in various scams, resulting in financial losses and also loss of sensitive personal information. The threats discovered on the Play Store by Dr. Web's analysts include cryptocurrency management apps, social benefit aid tools, Gasprom investment clones, photo editors, and a launcher themed after iOS 15.

Android malware Escobar steals your Google Authenticator MFA codes
2022-03-12 15:12

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes. The malware author is renting the beta version of the malware for $3,000 per month to a maximum of five customers, with threat actors having the ability to test the bot for free for three days.

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
2022-03-11 04:44

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group said it took down two Blogspot domains that were used by the nation-state group FancyBear - which is attributed to Russia's GRU military intelligence - as a landing page for its social engineering attacks.

Google rolling out Air Raid Alerts to Android users in Ukraine
2022-03-10 20:00

Google is rolling out an air raid alert system to all Android phones in Ukraine to help them get back to safety from incoming Russian airstrikes. As Walker further explained, the airstrike warning system rolling out to Ukrainians' Android phones "Is supplemental to the country's existing air raid alert systems" and uses air raid alert info provided by the Ukrainian government.

Russian APTs Furiously Phish Ukraine – Google
2022-03-09 14:07

While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat groups affiliated with or backing Vladimir Putin's government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. There have been a recent spate of distributed denial-of-service attacks against Ukrainian government sites, such as the Ministry of Foreign Affairs and the Ministry of Internal Affairs, as well as key services that help Ukrainians find information, such as Liveuamap, according to Google TAG. China's Mustang Panda also has joined the fray, using the war in Ukraine to target European entities with lures related to the Ukrainian invasion in a recent phishing campaign.

Google: Chinese hackers target Gmail users affiliated with US govt
2022-03-08 16:58

Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. "In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley revealed today.

Google buys threat intel giant Mandiant for $5.4bn
2022-03-08 14:30

Google is buying pre-eminent threat intel firm Mandiant for $5.4bn, the two companies announced this morning. "Cyber security is a mission, and we believe it's one of the most important of our generation. Google Cloud shares our mission-driven culture to bring security to every organization," said Kevin Mandia, CEO of Mandiant in a canned statement.

Google: Russia, China, Belarus state hackers target Ukraine, Europe
2022-03-08 11:21

Google says Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military organizations, as well as individuals, in sweeping phishing campaigns and DDoS attacks. The Computer Emergency Response Team of Ukraine and Facebook previously warned of other phishing campaigns against Ukrainian officials and military personnel, also attributed Ghostwriter hackers.