Skip to main content

Tag: google threat intelligence group

23 articles

Smart devices like TVs and streaming boxes scattered in a brightly-lit living room.

Google Disrupts NetNut Residential Proxy Network

Google's Threat Intelligence Group has disrupted NetNut, a massive residential proxy network controlling at least 2 million infected devices worldwide, including smart TVs and streaming boxes. This botnet, powered by trojanized apps and malicious software like Badbox 2.0, was used for cybercrime and espionage activities.

Analyst 207
Dimly lit office space with computer workstation, scattered papers, and RAR archive box, conveying targeted espionage.

Turla Unveils STOCKSTAY Backdoor in Ukraine Espionage Campaigns

Russian hackers, specifically the state-sponsored group Turla, have unleashed a new and stealthy backdoor called STOCKSTAY in a recent espionage campaign targeting Ukraine. This sneaky malware uses a secure WebSocket connection to communicate with its command center, making it a formidable tool for cyber spies.

Analyst 207
Dimly lit hallway with doors ajar, computer screen in foreground showing subtle code hints.

Chinese Hackers Infiltrate Defense Research with Custom Malware

Chinese hackers have launched a stealthy attack on defense research using custom malware, embedding it into upgrade workflows so it survives even when vulnerabilities are patched. This allows the malware to re-infect new versions, making it a persistent and concerning threat.

Analyst 207
Government building stands under bright sunlight with a hint of unease.

Google Uncovers China Espionage Group UNC6508 Lurking Undetected Since 2023

Google's Threat Intelligence Group has uncovered a stealthy Chinese espionage group, UNC6508, that had been secretly lurking in networks since 2023, targeting key sectors in the US and Canada. The full extent of the damage is still unknown, leaving experts concerned about potential long-term security breaches.

Analyst 207
Brightly-lit hospital corridor with medical equipment, computers, and researchers in the distance.

Chinese hackers breach medical research servers with custom malware

Malicious hackers linked to China breached a North American medical research institution, hiding undetected for over a year and gaining access to sensitive research areas. The attackers used custom malware, known as Infinitered, with broad capabilities to siphon off valuable intel from September 2023 to November 2025.

Analyst 207
Person's hand holds smartphone in brightly-lit urban setting with subtle hint of unease.

Chinese Phishing Services Shift to Live Credential Interception Tactics

Cyber attackers are now using live administration panels to interact with victims in real-time, capturing one-time passcodes and instantly bypassing multifactor authentication protections. This new tactic allows them to neutralize security measures and steal sensitive information more effectively.

Analyst 207
Modern financial transaction scene with digital payment terminal in bright daylight.

Chinese PhaaS Ecosystem Evolves, Threatens Global Financial Security

The game has changed in the world of phishing: attackers are now using Phishing as a Service (PhaaS) to intercept one-time passcodes and tokenize payment cards, giving them direct control over victims' financial accounts. This sinister shift threatens global financial security, allowing attackers to tap into accounts in real-time.

Analyst 207
Person receiving phone call in office setting with blurred phone screen and computer in background.

Google Exposes BlackFile Extortion Operation's Tactics

Google's Threat Intelligence Group just exposed the clever tactics of the notorious BlackFile extortion operation, revealing how they use voice phishing and sneaky tech tricks to swindle dozens of organizations worldwide. Their clever scheme starts with a simple phone call, where fake IT helpers trick victims into spilling their secrets.

Analyst 207
Brightly-lit lab with a computer workstation and technical instruments.

AI-Developed Zero-Day Exploit Exposes New Threats

Google's discovery of the first AI-generated zero-day exploit is a game-changer, revealing a new level of threat sophistication. This historic finding shows that AI can now be used not just to identify vulnerabilities, but to create and deploy malicious code.

Analyst 207
Modern tech lab with people in background and computer monitor on desk.

Google Exposes AI-Built Zero-Day Threat That Nearly Sparked Mass Attack

The game-changing moment came when a zero-day threat, nearly sparking a mass attack, was uncovered - and forensic evidence revealed its exploit code was astonishingly built by an AI model. This breakthrough highlights how AI is revolutionizing exploit development, making it faster and more accessible to malicious actors.

Analyst 207
Security professional stands before a cityscape window with looming digital threats.

Security Teams Overlook AI-Driven Threats in Cloud Risk Management

Stay ahead of the threats: are you managing cloud risk effectively, or is it still siloed and vulnerable to AI-driven attacks? Recent research from Google Threat Intelligence Group reveals a new wave of AI-augmented operations that are scaling and accelerating compromises.

Analyst 207
A cluttered office desk with laptop, coffee cup, and papers, in a brightly-lit open-plan setting.

Threat Actors Leverage AI for Vulnerability Exploitation and Cyber Operations

Google Threat Intelligence Group has spotted a threat actor using a zero-day exploit likely developed with AI, marking a chilling new trend in cybercrime. This game-changing tactic turbocharges exploit development, malware autonomy, and access to premium AI services.

Analyst 207
Researcher working in clean-room setting with laptop displaying code editor.

Google Researchers Uncover AI-Developed Zero-Day Exploit

Google researchers have made a groundbreaking discovery - a zero-day exploit that was developed with the help of artificial intelligence, which could have led to a large-scale attack if not caught in time. Thankfully, the vulnerability has been patched after Google alerted the affected vendor.

Analyst 207
Laptop screen displays code on minimalist desk in bright tech lab setting.

Google Exposes AI-Driven Zero-Day 2FA Bypass Exploit

Google's Threat Intelligence Group just uncovered a zero-day exploit that was likely crafted by AI, highlighting the rapidly evolving threat landscape. This AI-driven attack uses a Python script with telltale signs of large language model-generated code.

Analyst 207
Laptop screen displays web-based system administration tool in bright office setting.

Hackers Leverage AI to Develop Zero-Day Vulnerability

The AI vulnerability race is no longer on the horizon - it's already underway, with hackers leveraging AI to identify and exploit zero-day vulnerabilities, as seen in a recent coordinated operation. Google Threat Intelligence Group has uncovered the first observed case of cybercriminals using AI to produce weaponized code and bypass security protections.

Analyst 207
Laptop screen displays system administration tool with blurred office background and code on nearby whiteboard.

Google Exposes AI-Generated Zero-Day Exploit Used by Hackers

Google's Threat Intelligence Group has made a groundbreaking discovery - a zero-day exploit, potentially crafted with AI, was used by hackers to bypass two-factor authentication in a widely-used open-source tool. This alarming finding highlights the emerging threat of AI-generated cyber attacks.

Analyst 207
Smartphone on a clean surface with empty screen in a neutral background.

DarkSword Malware Targets iOS with Sophisticated Exploit Chain

Meet DarkSword, a sneaky malware that's been targeting iOS devices with a sophisticated exploit chain, leveraging six different vulnerabilities to deploy its final-stage payloads across iOS versions 18.4 through 18.7. Google Threat Intelligence Group has tracked its use back to November 2025, with multiple actors - from commercial vendors to suspected state-sponsored operators - employing it to compromise devices.

Analyst 207
Person at desk looks at laptop with Microsoft Teams on screen, background webpage blurred.

Google Exposes Microsoft Teams Phishing Campaign Using Custom Snow Malware

Beware of scammers posing as helpdesk heroes! They'll flood your inbox with spam, then reach out on Microsoft Teams with a fake fix that actually steals your password using custom Snow malware.

Analyst 207
Cluttered office desk with computer, papers, and open smartphone showing an email inbox.

UNC6692 Exposes Custom Malware Suite via Social Engineering

In a clever social engineering ploy, UNC6692 launched a massive email campaign in late December 2025, flooding targets with messages to create a sense of urgency and distraction, before following up with a convincing Microsoft Teams message that pushed a malicious link. The attackers then cleverly disguised their malware as a legitimate "Mailbox Repair and Sync Utility" patch, hosted on an Amazon S3 page.

Analyst 207
Shadowy figure lurks near laptop with tangled wires and broken padlock, amidst eerie city glow.

North Korea-linked actor compromises axios NPM package

A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless applications at risk.

Analyst 207
Dark digital landscape with stormy cloud over virtualized infrastructure and shattered virtual machine in foreground.

VMware vSphere Ecosystem Targeted by BRICKSTORM Malware Attacks

Imagine an attacker sneaking past your trusted operating system and into the hidden infrastructure that powers your virtual machines - that's the risk posed by BRICKSTORM malware, which targets the VMware vSphere ecosystem. This stealthy threat allows adversaries to operate undetected, evading traditional endpoint tools by establishing persistence at the virtualization layer.

Analyst 207
Unfortunately you didn't provide the article title or the image prompt. Please provide them so I can generate the alt text.

A single unpatched flaw in a Dell storage appliance became a playground for hackers, allowing months of undetected espionage and the deployment of sneaky new backdoors. A joint investigation by Mandiant and Google Threat Intelligence Group uncovered this alarming zero-day exploit, which has been wreaking havoc since mid-2024.

Analyst 207
Google Links Axios npm Breach to North Korea's UNC1069 Group

Google Links Axios npm Breach to North Korea's UNC1069 Group

Google's threat intelligence team has linked a recent breach of the Axios npm package to UNC1069, a North Korean hacking group motivated by financial gain. This alarming discovery highlights the vulnerability of the software supply chain to state-linked cybercrime.

Analyst 207