Mandiant (part of Google Cloud)
@mandiant.com
We’re determined to make organizations secure against cyber threats and confident in their readiness.
mandiant.com
Our insights on the widespread Oracle E-Business Suite zero-day exploitation:

✔️ Breakdown and analysis of the campaign

✔️ Deep dive into threat actor’s multi-stage, in-memory Java implant framework

✔️ Recommendations, IOCs, and more for defenders

Read now: cloud.google.com/blog/topics/...
mandiant.com
BRICKSTORM malware is being used by suspected China-nexus actor, UNC5221, in a stealthy espionage campaign.

-Avg dwell time: 393 days
-Targets: US legal, SaaS, BPOs & tech firms

We have released a scanner, IOCs, and guidance to help defenders.

Full analysis here: bit.ly/4pT3pku
mandiant.com
🚨 APT41 is using malware, TOUGHPROGRESS, that leverages Google Calendar for command and control.

Learn more about the campaign and how GTIG helped disrupt it. Additionally, leverage our included YARA rules, hashes and other IOCs to help defend against this threat: cloud.google.com/blog/topics/...
mandiant.com
UNC3944 (Scattered Spider) is a financially-motivated threat actor known for persistent and brazen social engineering, including targeting help desks.

Our guidance can help organizations defend against the UNC3944 tactics we have observed when responding to this group.

Stay ahead ➡️ bit.ly/3EXHvtE
mandiant.com
We tracked 75 zero-days exploited in the wild in 2024.

Zero-day use is steadily increasing, notably for espionage. We see more focus on enterprise technologies, over 60% of which were security and networking products.

Read the report for metrics, trends and more: cloud.google.com/blog/topics/...
mandiant.com
M-Trends 2025 is here!

Get data from our investigations, including top initial infection vectors and targeted industries, and dive deep into trends such as rising infostealer use and the DPRK insider threat. We also share recommendations to stay ahead.

Read now: cloud.google.com/security/res...