SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle
Unit 42 unravels TheBottle's activities and his newest malware family, SquirtDanger. The post SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle appeared first on Unit 42.

The Rise of the Cryptocurrency Miners
Unit 42 investigates the rise of cryptocurrency miners.

RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware...
Unit 42 investigates the RANCOR group's use of the DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia.

The Gorgon Group: Slithering Between Nation State and Cybercrime
Unit 42 examines the Gorgon Group's unsophisticated yet effective attacks, which sit somewhere between nation-state espionage and cybercrime.

New KONNI Malware Attacking Eurasia and Southeast Asia
Unit 42 uncovers NOKKI, a malware family with ties to the previously discovered KONNI malware family, used to attack targets in Eurasia and Southeast Asia.

NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
The Reaper group uses a custom malware family called DOGCALL to deploy a RAT.

The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting...
Unit 42 uncovers a campaign leveraging CARROTBAT, a previously unreported customized dropper, to deliver lures pertaining primarily to South Korea and North Korea.

Multiple ArtraDownloader Variants Used by BITTER to Target Pakistan
Since at least 2015, a suspected South Asian threat group known as BITTER has been targeting Pakistani and Chinese organizations using variants of a previously unreported downloader. We have named...

Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms
Unit 42 has discovered a new version of Cardinal RAT, which we first discovered in 2016. This new version targets financial technology companies, primarily in Israel. It includes new anti-analysis...

The Gopher in the Room: Analysis of GoLang Malware in the Wild
In recent months, I have taken a keen interest in malware written in the Go programming language. Go, sometimes referred to as GoLang, was created by Google in 2009 and has gained additional popularity...

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild...
We provide background and a root cause analysis of CVE-2021-44228, a remote code execution vulnerability in Apache Log4j, and we recommend mitigations.

Threat Brief: Ongoing Russia and Ukraine Cyber Activity
We analyze and suggest mitigations for CVE-2021-32648 and WhisperGate, two threats that have been targeting Ukrainian organizations.

Threat Brief: Atlassian Confluence Remote Code Execution Vulnerability...
CVE-2022-26134 is a critical-severity unauthenticated remote code execution vulnerability in Atlassian Confluence Server and Data Center. We share statistics on potentially vulnerable servers and...

Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)
This threat brief details a supply chain attack involving 3CXDesktopApp, a software-based phone application, whose compromised build installs two malicious libraries.

Exploring the Latest Mispadu Stealer Variant
Evaluation of a new variant of Mispadu, a banking Trojan, highlights how infostealers evolve over time and can be hard to attribute to past campaigns.