Tag: google threat intelligence group
23 articles

Google Disrupts NetNut Residential Proxy Network
Google's Threat Intelligence Group has disrupted NetNut, a massive residential proxy network controlling at least 2 million infected devices worldwide, including smart TVs and streaming boxes. This botnet, powered by trojanized apps and malicious software like Badbox 2.0, was used for cybercrime and espionage activities.

Turla Unveils STOCKSTAY Backdoor in Ukraine Espionage Campaigns
Russian hackers, specifically the state-sponsored group Turla, have unleashed a new and stealthy backdoor called STOCKSTAY in a recent espionage campaign targeting Ukraine. This sneaky malware uses a secure WebSocket connection to communicate with its command center, making it a formidable tool for cyber spies.

Chinese Hackers Infiltrate Defense Research with Custom Malware
Chinese hackers have launched a stealthy attack on defense research using custom malware, embedding it into upgrade workflows so it survives even when vulnerabilities are patched. This allows the malware to re-infect new versions, making it a persistent and concerning threat.

Google Uncovers China Espionage Group UNC6508 Lurking Undetected Since 2023
Google's Threat Intelligence Group has uncovered a stealthy Chinese espionage group, UNC6508, that had been secretly lurking in networks since 2023, targeting key sectors in the US and Canada. The full extent of the damage is still unknown, leaving experts concerned about potential long-term security breaches.

Chinese hackers breach medical research servers with custom malware
Malicious hackers linked to China breached a North American medical research institution, hiding undetected for over a year and gaining access to sensitive research areas. The attackers used custom malware, known as Infinitered, with broad capabilities to siphon off valuable intel from September 2023 to November 2025.

Chinese Phishing Services Shift to Live Credential Interception Tactics
Cyber attackers are now using live administration panels to interact with victims in real-time, capturing one-time passcodes and instantly bypassing multifactor authentication protections. This new tactic allows them to neutralize security measures and steal sensitive information more effectively.

Chinese PhaaS Ecosystem Evolves, Threatens Global Financial Security
The game has changed in the world of phishing: attackers are now using Phishing as a Service (PhaaS) to intercept one-time passcodes and tokenize payment cards, giving them direct control over victims' financial accounts. This sinister shift threatens global financial security, allowing attackers to tap into accounts in real-time.

Google Exposes BlackFile Extortion Operation's Tactics
Google's Threat Intelligence Group just exposed the clever tactics of the notorious BlackFile extortion operation, revealing how they use voice phishing and sneaky tech tricks to swindle dozens of organizations worldwide. Their clever scheme starts with a simple phone call, where fake IT helpers trick victims into spilling their secrets.

AI-Developed Zero-Day Exploit Exposes New Threats
Google's discovery of the first AI-generated zero-day exploit is a game-changer, revealing a new level of threat sophistication. This historic finding shows that AI can now be used not just to identify vulnerabilities, but to create and deploy malicious code.

Google Exposes AI-Built Zero-Day Threat That Nearly Sparked Mass Attack
The game-changing moment came when a zero-day threat, nearly sparking a mass attack, was uncovered - and forensic evidence revealed its exploit code was astonishingly built by an AI model. This breakthrough highlights how AI is revolutionizing exploit development, making it faster and more accessible to malicious actors.

Security Teams Overlook AI-Driven Threats in Cloud Risk Management
Stay ahead of the threats: are you managing cloud risk effectively, or is it still siloed and vulnerable to AI-driven attacks? Recent research from Google Threat Intelligence Group reveals a new wave of AI-augmented operations that are scaling and accelerating compromises.

Threat Actors Leverage AI for Vulnerability Exploitation and Cyber Operations
Google Threat Intelligence Group has spotted a threat actor using a zero-day exploit likely developed with AI, marking a chilling new trend in cybercrime. This game-changing tactic turbocharges exploit development, malware autonomy, and access to premium AI services.

Google Researchers Uncover AI-Developed Zero-Day Exploit
Google researchers have made a groundbreaking discovery - a zero-day exploit that was developed with the help of artificial intelligence, which could have led to a large-scale attack if not caught in time. Thankfully, the vulnerability has been patched after Google alerted the affected vendor.

Google Exposes AI-Driven Zero-Day 2FA Bypass Exploit
Google's Threat Intelligence Group just uncovered a zero-day exploit that was likely crafted by AI, highlighting the rapidly evolving threat landscape. This AI-driven attack uses a Python script with telltale signs of large language model-generated code.

Hackers Leverage AI to Develop Zero-Day Vulnerability
The AI vulnerability race is no longer on the horizon - it's already underway, with hackers leveraging AI to identify and exploit zero-day vulnerabilities, as seen in a recent coordinated operation. Google Threat Intelligence Group has uncovered the first observed case of cybercriminals using AI to produce weaponized code and bypass security protections.

Google Exposes AI-Generated Zero-Day Exploit Used by Hackers
Google's Threat Intelligence Group has made a groundbreaking discovery - a zero-day exploit, potentially crafted with AI, was used by hackers to bypass two-factor authentication in a widely-used open-source tool. This alarming finding highlights the emerging threat of AI-generated cyber attacks.

DarkSword Malware Targets iOS with Sophisticated Exploit Chain
Meet DarkSword, a sneaky malware that's been targeting iOS devices with a sophisticated exploit chain, leveraging six different vulnerabilities to deploy its final-stage payloads across iOS versions 18.4 through 18.7. Google Threat Intelligence Group has tracked its use back to November 2025, with multiple actors - from commercial vendors to suspected state-sponsored operators - employing it to compromise devices.

Google Exposes Microsoft Teams Phishing Campaign Using Custom Snow Malware
Beware of scammers posing as helpdesk heroes! They'll flood your inbox with spam, then reach out on Microsoft Teams with a fake fix that actually steals your password using custom Snow malware.

UNC6692 Exposes Custom Malware Suite via Social Engineering
In a clever social engineering ploy, UNC6692 launched a massive email campaign in late December 2025, flooding targets with messages to create a sense of urgency and distraction, before following up with a convincing Microsoft Teams message that pushed a malicious link. The attackers then cleverly disguised their malware as a legitimate "Mailbox Repair and Sync Utility" patch, hosted on an Amazon S3 page.

North Korea-linked actor compromises axios NPM package
A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless applications at risk.

VMware vSphere Ecosystem Targeted by BRICKSTORM Malware Attacks
Imagine an attacker sneaking past your trusted operating system and into the hidden infrastructure that powers your virtual machines - that's the risk posed by BRICKSTORM malware, which targets the VMware vSphere ecosystem. This stealthy threat allows adversaries to operate undetected, evading traditional endpoint tools by establishing persistence at the virtualization layer.

A single unpatched flaw in a Dell storage appliance became a playground for hackers, allowing months of undetected espionage and the deployment of sneaky new backdoors. A joint investigation by Mandiant and Google Threat Intelligence Group uncovered this alarming zero-day exploit, which has been wreaking havoc since mid-2024.

Google Links Axios npm Breach to North Korea's UNC1069 Group
Google's threat intelligence team has linked a recent breach of the Axios npm package to UNC1069, a North Korean hacking group motivated by financial gain. This alarming discovery highlights the vulnerability of the software supply chain to state-linked cybercrime.