Google Threat Intelligence Group Archives

Voting is open for the 2025 CyberScoop 50 awards!

Google Threat Intelligence Group

The four most frequently exploited vulnerabilities were all contained in edge devices, such as VPNs, firewalls and routers. (Getty Images)

Attackers hit security device defects hard in 2024

Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network…

3 days ago By Matt Kapko

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

The Chinese national flag flies outside the Ministry of Foreign Affairs in Beijing on July 26, 2023. (Photo by GREG BAKER/AFP via Getty Images)

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

Apr 3, 2025 By Matt Kapko

The Department of Justice building is pictured in Washington, DC, on January 22, 2022. (Photo by STEFANI REYNOLDS/AFP via Getty Images)

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies

Federal prosecutors accuse Cameron Wagenius of searching how to defect to Russia before he tried to sell stolen data to a foreign intelligence service.

Feb 27, 2025 By Matt Kapko

What defenders are learning from Black Basta’s leaked chat logs

The ransomware syndicate’s internal chats exposed a wide swath of the group’s inner workings.

Feb 24, 2025 By Matt Kapko

Russian soldiers stand on Red Square in central Moscow on September 29, 2022, as the square is sealed prior to a ceremony of the incorporation of the new territories into Russia. (Photo by ALEXANDER NEMENOV/AFP via Getty Images)

Russia-aligned threat groups dupe Ukrainian targets via Signal

Google researchers say multiple Russian state threat groups have conducted remote phishing operations to target and compromise Signal accounts.

Feb 19, 2025 By Matt Kapko