Tag: Unit 42

Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers. The post Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and…

Read more →

Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more. The post No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection appeared first on Unit…

Read more →

Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model. The post Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning appeared first on Unit 42. This…

Read more →

We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogExe (a keylogger) and FPSpy (a backdoor variant). The post Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy appeared first on Unit 42. This article has…

Read more →

Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more. The post Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz appeared first on Unit…

Read more →

We deconstruct SnipBot, a variant of RomCom malware. Its authors, who target diverse sectors, seem to be aiming for espionage instead of financial gain. The post Inside SnipBot: The Latest RomCom Malware Variant appeared first on Unit 42. This article…

Read more →

Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers. The post Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool appeared first on Unit 42. This…

Read more →

We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors. The post Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors appeared first on…

Read more →

We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors. The post Phishing Pages Delivered Through Refresh HTTP Response Header appeared first on Unit…

Read more →

Repellent Scorpius distributes Cicada3301 ransomware, using double extortion and targeting global victims since May 2024. We break down their toolset and more. The post Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware appeared first on Unit 42. This article has…

Read more →

Explore Unit 42’s review of North Korean APT groups and their impact, detailing the top 10 malware and tools we’ve seen from these threat actors. The post Threat Assessment: North Korean Threat Groups appeared first on Unit 42. This article…

Read more →

A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims’ environments for Southeast Asian espionage. The post Chinese APT Abuses VSCode to Target Government in Asia appeared first on Unit…

Read more →

Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. The post Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant appeared first on Unit 42. This article has been indexed from Unit 42 Read…

Read more →

Unit 42 researchers use a novel graph-based pipeline to detect misuse of 19 new TLDs for phishing, chatbots and more in several case studies. The post TLD Tracker: Exploring Newly Released Top-Level Domains appeared first on Unit 42. This article…

Read more →

A technical analysis of deepfake technology uncovers how cybercriminals utilize AI-generated videos of public figures to execute sophisticated scams. The post The Emerging Dynamics of Deepfake Scam Campaigns on the Web appeared first on Unit 42. This article has been…

Read more →

We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware as they shift from data theft to extortion, exploiting AWS credentials. The post Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware appeared first on…

Read more →

Unit 42 researchers use deep learning to detect cyber threats by analyzing DNS traffic, employing autoencoders and machine learning algorithms. The post Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic appeared first on Unit 42. This article…

Read more →

We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations’ AWS environments. The post Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments appeared first on Unit 42. This article…

Read more →

Find out which industries have the most rapidly expanding attack surfaces from a survey of 260+ orgs in Unit 42’s 2024 Attack Surface Threat Report. The post Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical…

Read more →

New research uncovers a potential attack vector on GitHub repositories, with leaked tokens leading to potential compromise of services. The post ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts appeared first on Unit 42. This article has…

Read more →