Google Threat Intelligence Group Archives

China and Italy, two flags waving against blue sky. 3d image. Aleksandra Aleshchenko, iStock/Getty Images Plus

Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded.

Jul 8, 2025 By Tim Starks

Leucauge venusta, known as the orchard orbweaver spider, resting in the center of her web in Charleston, South Carolina. (Daniela Duncan/Getty Images)

Scattered Spider weaves web of social-engineered destruction

The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.

Jul 7, 2025 By Matt Kapko

Russian President Vladimir Putin delivers a speech standing in front of the monument “Fatherland, Valor, Honor” outside of the Foreign Intelligence Service of the Russian Federation (SVR) in Moscow on June 30, 2022. (Photo by Mikhail Metzel / Sputnik / AFP) (Photo by MIKHAIL METZEL/Sputnik/AFP via Getty Images)

Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers

They weren’t in any hurry, according to Citizen Lab, and used an interesting attack vector. Google Threat Intelligence Group also provided details on the attacks.

Jun 18, 2025 By Tim Starks

A Bank Sepah branch in Tehran, Iran in 2021. Iran-focused media outlets report Bank Sepah branches are closed after a cyberattack. (Photo by ATTA KENARE/AFP via Getty Images)

Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group

The attack introduces a clear cyber element with immediate consequences for the country’s critical infrastructure amid a growing conflict between Israel and Iran.

Jun 17, 2025 By Matt Kapko

Salesforce headquarters in San Francisco. — Exterior view of Salesforce’s headquarters in San Francisco on Feb. 28, 2024. (Justin Sullivan/Getty Images)

Salesforce customers duped by series of social-engineering attacks

Google Threat Intelligence Group said about 20 organizations have been hit by a cybercrime group it tracks as UNC6040.

Jun 4, 2025 By Matt Kapko

Signage at the headquarters of SAP AG, Germany’s largest software company on January 8, 2013 in Walldorf, Germany. (Photo by Thomas Lohnes/Getty Images)

SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons

Multiple firms are tracking the zero-day attacks on Europe’s top software firm.

May 15, 2025 By Tim Starks

North Korean operatives have infiltrated hundreds of Fortune 500 companies

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s…

Apr 30, 2025 By Matt Kapko

The four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and routers. (Getty Images)

Attackers hit security device defects hard in 2024

Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…

Apr 23, 2025 By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

Apr 3, 2025 By Matt Kapko