Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign (Google Threat Intelligence Group, Mandiant)
• Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents.
• The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017.
• This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas and had confirmed intrusions in 42 countries when the disruption was executed.
• The attacker was using API calls to communicate with SaaS apps as command-and-control (C2) infrastructure to disguise their malicious traffic as benign, a common tactic used by threat actors when attempting to improve the stealth of their intrusions.
• Rather than abusing a weakness or security flaw, attackers rely on cloud-hosted products to
Sources:
- https://cloud.google.com/blog/topics/threat-intelligence/disrupting-gridtide-global-espionage-campaign/ (Latest source article published: 2026-02-25 14:00 UTC)