Right arrow
Pictorial representation of detecting DNS hijacking. Digital illustration of a futuristic data center with glowing blue server racks connected by light beams, surrounded by cloud computing icons, set against a dark background.
category iconThreat Research

Automatically Detecting DNS Hijacking in Passive DNS
Pictorial representation of a threat like the Bring Your Own Vulnerable Driver (BYOVD) technique. Image of computer code on a screen with a prominent biohazard symbol.
category iconThreat Research

TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit
A representation of a threat group like Jumpy Pisces. Illustrative image featuring two fish and the Pisces constellation superimposed on a stylized, abstract background with flowing purple waves and a starry night sky.
category iconThreat Actor Groups

Jumpy Pisces Engages in Play Ransomware

Access the latest threat research

View all research Right Arrow
A pictorial representation of jailbreaking a large language model. A glowing cube with the letters "AI" illuminated in blue, surrounded by a network of interconnected circuits and data lines, representing artificial intelligence technology.
category iconVulnerabilities

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction
Read now
Pictorial representation of Gatekeeper Bypass. A person working intently at a computer in a modern office environment, with reflective digital graphs overlaid on the image suggesting data analysis.
category iconVulnerabilities

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
Read now
Pictorial representation of a campaign like Contagious Interview. Digital graphic of a glowing globe with network connections and data streams, symbolizing global connectivity and technology advancements.
category iconMalware

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
Read now

Understand high profile cyberthreats and vulnerabilities

View high profile threats Right Arrow
Pictorial representation of Lynx ransomware. A digital illustration of glowing chains with broken links, set against a background of binary code in blue and red.
category iconRansomware

Lynx Ransomware: A Rebranding of INC Ransomware
Read now
A pictorial representation of Cicada3301 ransomware. Digital rendering of a transparent padlock superimposed with programming code and placed on a network of connected databases, symbolizing cybersecurity and data protection.
category iconRansomware

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
Read now
Illustrative image featuring two fish and the Pisces constellation superimposed on a stylized, abstract background with flowing purple waves and a starry night sky.
category iconMalware

Threat Assessment: North Korean Threat Groups
Read now
Abstract illustration of a network sppread like a spiderweb, connecting covering the globe and symbolizing data or communication links.
category iconVulnerabilities

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability
Read now
A digital illustration of a world map focused on Europe and parts of Asia, highlighted with glowing connections and nodes representing global connectivity.
category iconVulnerabilities

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated May 20)
Read now
Futuristic illustration with glowing neon lights and advanced technology motifs, depicting cloud computing and data flow through interconnected networks. The scene is highlighted by hovering digital clouds and dynamic, illuminated linear structures, set in a dramatic, blue and orange color scheme.
category iconCloud Cybersecurity Research

Muddled Libra’s Evolution to the Cloud
Read now

Watch, listen and learn about cybersecurity topics

View All Right Arrow

Follow the activities of threat actor groups tracked by Unit 42

All threat actor posts Right Arrow
Pictorial representation of a campaign like Contagious Interview. Digital graphic of a glowing globe with network connections and data streams, symbolizing global connectivity and technology advancements.
category iconMalware

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
Read now
Pictorial representation of keylogger malware like KLogEXE and FPSpy. Person working on a laptop with lines of code displayed on the screen, with a blurred effect indicating motion or activity, surrounded by a vivid blue and red lighting.
category iconMalware

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy
Read now
Pictorial representation of APT groups from North Korea. The silhouette of two fish and the Pisces constellation inside an orange abstract planet, surrounded by two larger blue fish. Abstract, stylized cosmic setting with vibrant blue and purple shapes, representing space and distant planetary bodies.
category iconMalware

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
Read now
A pictorial representation of Cicada3301 ransomware. Digital rendering of a transparent padlock superimposed with programming code and placed on a network of connected databases, symbolizing cybersecurity and data protection.
category iconRansomware

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
Read now
Illustrative image featuring two fish and the Pisces constellation superimposed on a stylized, abstract background with flowing purple waves and a starry night sky.
category iconMalware

Threat Assessment: North Korean Threat Groups
Read now
Pictorial representation of Stately Taurus' updated TTPs. Illustration of a bull's head and the Taurus constellation inside a stylized orange moon, set against the profile of a much larger bull's head. Shooting stars are on the dark background.
category iconMalware

Chinese APT Abuses VSCode to Target Government in Asia
Read now

Explore in-depth cybersecurity trend reports

View All Right Arrow
Report

Updated: 2024 Unit 42 Incident Response Report

Access our survey of incident data from more than 250 organizations and 600 incidents, updated for summer 2024. You’ll better understand the threats you face, including:

Initial access

  • Attackers exploited software vulnerabilities to gain access 36% more often in 2023 than previous years… and that trend is continuing in 2024.

Data theft tactics

  • In 93% of incidents Unit 42 responded to, threat actors took data indiscriminately rather than searching for specific data.

Plus updated spotlights on attackers, artificial intelligence, predictions (and how we’re doing against them), and more.

 

Get the report
Cover of the 2024 Unit 42 Incident Response Report
A pictorial representation of AI threats. Looking over the shoulder of a man in the cockpit of a vessel in space, the window looks out on an Earth-like planet.
category iconSecurity Technology

Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks
Read now
Pictorial representation of attack surface management. Close-up of a person wearing glasses with computer code reflections on the lenses.
category iconSecurity Technology

Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical IT and Security Infrastructure
Read now
Pictorial representation of ransomware activity in the first half of 2024. A digitial illustration of a lock made up of nodes glowing against a background of bokeh points.
category iconRansomware

Ransomware Review: First Half of 2024
Read now
category iconCloud Cybersecurity Research

Attack Paths Into VMs in the Cloud
Read now

Default Heading

Read the article Right Arrow