News


North Korean IT workers threaten European companies
B2B Cyber Security ShortNews

The Google Threat Intelligence Group (GTIG) has published its latest findings on the activities of North Korean IT employees in Europe. These IT employees have already taken over projects for companies in the UK, Germany, and Portugal, and they are pressuring organizations through extortion attempts. Since GTIG's last report in September 2024, which analyzed the threat posed by IT workers, the experts have observed an increase in operations in Europe in recent months, driven by the recent raids in the US. The use of fake IT employees is definitely a global problem, as a look at…


Juniper Networks routers in the spotlight

After a months-long investigation dating back to mid-2024, Mandiant is publishing its findings on a covert espionage campaign by a China-linked actor (UNC3886), which deployed custom malware on decommissioned Juniper Networks Junos OS routers. Mandiant worked with Juniper Networks to investigate UNC3886's activities and found that the Juniper MX routers targeted by the group were running outdated hardware and software. The custom malware samples used by UNC3886 demonstrate that the threat actor has extensive knowledge of far-reaching system internals. Mandiant recommends...


How cybercrime threatens national security

The new Cybercrime Report from the Google Threat Intelligence Group highlights the threat posed to national security by cybercrime. China, Russia, and Iran are using cyberattacks for espionage or to boost their finances. The report highlights how cybercrime has evolved into a destabilizing force threatening national security. In 2024, Mandiant responded to nearly four times more breaches by financially motivated actors than by state-sponsored groups (data from the Mandiant Managed Defense service). The Cybercrime Report reveals how the "Big Four" are using cybercrime as a resource…


Russian hackers target Ukrainian Signal users

The Google Threat Intelligence Group (GTIG) has published its research into how the APT44 group (also known as Sandworm) and other Russian hackers spy on accounts of the messaging service Signal. The accounts belong to Ukrainian military and government employees. This is often done through malicious QR codes, but also with devices captured during combat operations. The research describes several tactics, including a new technique that exploits the "paired devices" feature built into Signal. This gives the attackers real-time access to the victim's messages and lets them keep spying on their victims over the long term.


How Threat Actors Use Gemini for Attacks

The Google Threat Intelligence Group (GTIG) has released a new report, "Adversarial Misuse of Generative AI," in which the security experts shed light on how threat actors are currently using generative AI such as Gemini in their attacks. Threat actors are experimenting with Gemini to support their operations and are becoming more productive as a result, but are not yet developing new capabilities. Currently, they are mainly using AI for research, debugging code, and creating and localizing content. Advanced Persistent Threat (APT) actors have used Gemini to support several stages of the attack lifecycle. These include exploring potential infrastructure…


Developments of AI in Cybersecurity

Google Cloud recently published its Cybersecurity Forecast for 2025. The report contains forward-looking insights from several security leaders at Google Cloud, including Google Threat Intelligence, Mandiant Consulting and the Office of the CISO of Google Cloud. Among other things, they describe what the next phase of artificial intelligence (AI) will look like for both attackers and defenders. Use of AI by attackers: The experts assume that malicious actors will increasingly use AI-based tools in 2025 to improve their online activities at different stages of the attack...


Zero-day vulnerability in Ivanti Connect Secure VPN

Mandiant has released details of a zero-day vulnerability (CVE-2025-0282) that Ivanti disclosed and simultaneously patched, affecting its Ivanti Connect Secure VPN ("ICS") applications. Ivanti identified the vulnerability based on clues from the company-provided Integrity Checker Tool ("ICT") and other commercial security monitoring tools. As Mandiant notes in its analysis, CVE-2025-0282 was exploited by a suspected Chinese espionage actor as early as December 2024. While Mandiant cannot currently attribute the exploitation of CVE-2025-0282 to a specific threat actor, the security researchers have observed the same malware family (SPAWN) that was exploited back in April…


Russian malware campaign

In September 2024, Google Threat Analysis Group (TAG) and Mandiant discovered “UNC5812,” a suspected hybrid Russian espionage and influence campaign that spreads Windows and Android malware via a Telegram persona named “Civil Defense.” “Civil Defense” claims to be a provider of free software programs that allow prospective draftees to view and share the locations of Ukrainian military recruiters. When installed with Google Play Protect disabled, these programs deliver an operating system-specific commodity malware variant to the victim along with a mapping application we identify as SUNSPINNER. The actors behind UNC5812 leverage both the…


North Korean threat actor classified as APT 45

Google subsidiary Mandiant has classified the North Korean cybercriminal group Andariel in the "Advanced Persistent Threat Group" category and given it the designation "APT 45." APT 45 targets critical infrastructure. The analysis highlights that Andariel, known for its large-scale, efficient cyber operations against critical infrastructure and strategic industries, has expanded its espionage campaigns against governments to include ransomware operations against healthcare providers, financial institutions and energy companies. Mandiant believes this shift is aimed in part at generating revenue to support its broad-based cyber campaigns and underscores the escalating...


Ransomware attacks 2023: Over 50 new families and variants

Ransomware attacks are a major and expensive problem for businesses. Last year, attacks increased significantly, according to a study by a leader in dynamic cybersecurity, which identified many new ransomware variants. Mandiant observed a significant increase in ransomware activity in 2023, with a 75 percent increase in reports of data leaks on websites. In particular, over 50 new ransomware families and variants were identified, with a third of these being variants of known families. Attackers are increasingly using legitimate tools such as ScreenConnect, Splashtop, Atera and Anydesk to penetrate victims' systems,…
