Google Threat Intelligence Group reports that state-sponsored, hacktivist, and criminal groups from China, Iran, North Korea, and Russia are conducting sustained, multi-vector campaigns against the defense industrial base, targeting drones, autonomous systems, supply chains, and personnel. These actors exploit messaging apps, device-linking features, hiring processes, edge devices, ORB networks, and diverse malware families to obtain persistent access and exfiltrate sensitive data. #UNC5125 #INFINITERED
Key points
- State-backed and criminal actors from multiple countries are carrying out continuous espionage against the defense industrial base.
- Adversaries prioritize autonomous vehicles and drones as high-value targets and craft specialized lures around those programs.
- Messaging apps, device linking, and recruitment-related social engineering are common vectors for initial access and account takeover.
- China-nexus groups use operational relay box (ORB) networks and compromised edge devices to blend traffic and evade attribution and detection.
- Diverse malware and supply chain compromises — including WAVESIGN, MESSYFORK, and INFINITERED — enable credential theft, persistent remote access, and data exfiltration.
Read More: https://thehackernews.com/2026/02/google-links-china-iran-russia-north.html