Google Threat Intelligence Group
Coverage of Google Threat Intelligence Group in the Nexus archive.
- Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor Turla has developed a new .NET backdoor called STOCKSTAY, which has been used to target Ukrainian government and military organizations, as well as entities interested in Italian foreign policy. Google Threat Intelligence Group disclosed these details, highlighting the backdoor's ongoing development by the hacking group.
- PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data
PRC-linked spies, tracked as UNC6508, infiltrated North American medical and military research networks for over a year, using custom malware to snoop through Gmail and steal sensitive data. They targeted defense-related information, drone technology, and research on the Chikungunya virus, exploiting externally facing REDCap servers to gain access.
- UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers revealed a data theft extortion campaign targeting U.S. organizations in professional, legal, and financial services between January and May 2026. The campaign, attributed to UNC3753, involved vishing and physical intrusions, with Google Mandiant and Google Threat Intelligence Group identifying the threat actor.
- ‘The new era is here’: Fears rise over AI hacking
AI has entered a new era of cybersecurity threats, with Google detecting the first known case of cybercriminals using AI to exploit zero-day vulnerabilities. Senate Minority Leader Chuck Schumer is urging the Department of Homeland Security to develop a national coordination plan by July to address AI-enabled hacking risks to critical infrastructure.
- Google announces its first-ever discovery of a zero-day exploit made with AI
Google's Threat Intelligence Group discovered a zero-day exploit made with AI and stopped a mass exploitation event. This is Google's first-ever discovery of such an exploit. The discovery highlights the effectiveness of Google's proactive measures.
- Google says criminals used AI-built zero-day in planned mass hack spree
Google's Threat Intelligence Group has identified a case of cybercriminals using AI to discover and exploit a zero-day vulnerability in a planned mass-hack campaign. The vulnerability was found in a popular open-source web-based administration platform and was patched before it could be widely exploited. Google believes this is the first real-world case of AI being used for such an attack.
- Google: Hackers used AI to develop zero-day exploit for web admin tool
Hackers used AI to develop a zero-day exploit targeting a popular open-source web administration tool. The exploit was discovered by researchers at Google Threat Intelligence Group. The use of AI in developing the exploit is a concerning development in the field of cybersecurity.
- Google spotted an AI-developed zero-day before attackers could use it
Google researchers discovered an AI-developed zero-day exploit before attackers could use it, alerting the susceptible vendor to patch the vulnerability. The exploit affected a popular open-source administration tool and allowed attackers to bypass two-factor authentication. This is the first time Google found compelling evidence of AI being used to develop zero-day exploits.