“GTIG did not directly observe UNC2814 exfiltrate sensitive data during this campaign,” Google said. “However, historical PRC-nexus espionage intrusions against telecoms have resulted in the theft of call data records, unencrypted SMS messages, and the compromise and abuse of lawful intercept systems.”

While the targeting of telecoms companies by a Chinese threat actor is reminiscent of the group called Salt Typhoon, Google noted that it has found no overlaps between Salt Typhoon and UNC2814.

Disrupting the UNC2814 campaign

To disrupt UNC2814’s campaign, GTIG, Mandiant and their partners eliminated cloud resources used by the GridTide malware.

They also took down all the infrastructure associated with the cyberespionage operation. This included sinkholing current and historical domains to sever access to compromised environments.

In addition, they disabled accounts used by the hackers (including Google Cloud accounts used for C&C), and terminated access to the Google Sheets instances used by the malware.

Victims have been notified and assisted with incident response. Google has also released IoCs designed to help organizations detect GridTide and other UNC2814 activity.

Google expects this disruption to significantly set back UNC2814’s efforts to build out its global footprint.
Source: SecurityWeek