Google Threat Intelligence Group Archives

Salesloft confirmed the impact is much more severe and widespread. (imageBROKER/Timon Schneider/Alamy)

Salesloft Drift compromised en masse, impacting all third-party integrations

Researchers said Google Workspace customers were hit, and noted other platforms are impacted as well. Fresh evidence proves impact was not limited to Salesforce, as Salesloft previously…

2 days ago By Matt Kapko

Salt Typhoon hacking campaign goes beyond previously disclosed targets, world cyber agencies say

The Chinese government-linked hackers were the subject of an alert from U.S. and international partners.

3 days ago By Tim Starks

Google’s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake/Getty Images)

Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense

There are still impediments to overcome before companies and agencies can get more broadly aggressive in cyberspace, both legal and commercial.

3 days ago By Tim Starks

Salesforce headquarters in San Francisco. — Exterior view of Salesforce’s headquarters in San Francisco on Feb. 28, 2024. (Justin Sullivan/Getty Images)

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent

A threat group Google tracks as UNC6395 systematically stole large amounts of data from Salesforce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.

4 days ago By Matt Kapko

Mass attack spree hits Microsoft SharePoint zero-day defect

Attackers have already used the exploit dubbed “ToolShell” to intrude hundreds of organizations globally, including private companies and government agencies.

Jul 21, 2025 By Matt Kapko

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices

Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.

Jul 16, 2025 By Matt Kapko

China and Italy, two flags waving against blue sky. 3d image. Aleksandra Aleshchenko, iStock/Getty Images Plus

Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded.

Jul 8, 2025 By Tim Starks

Leucauge venusta, known as the orchard orbweaver spider, resting in the center of her web in Charleston, South Carolina. (Daniela Duncan/Getty Images)

Scattered Spider weaves web of social-engineered destruction

The cybercrime ring has infiltrated more than 100 businesses since 2022, including more than a dozen since it regrouped earlier this year.

Jul 7, 2025 By Matt Kapko

Russian President Vladimir Putin delivers a speech standing in front of the monument “Fatherland, Valor, Honor” outside of the Foreign Intelligence Service of the Russian Federation (SVR) in Moscow on June 30, 2022. (Photo by Mikhail Metzel / Sputnik / AFP) (Photo by MIKHAIL METZEL/Sputnik/AFP via Getty Images)

Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers

They weren’t in any hurry, according to Citizen Lab, and used an interesting attack vector. Google Threat Intelligence Group also provided details on the attacks.

Jun 18, 2025 By Tim Starks

A Bank Sepah branch in Tehran, Iran in 2021. Iran-focused media outlets report Bank Sepah branches are closed after a cyberattack. (Photo by ATTA KENARE/AFP via Getty Images)

Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group

The attack introduces a clear cyber element with immediate consequences for the country’s critical infrastructure amid a growing conflict between Israel and Iran.

Jun 17, 2025 By Matt Kapko