Unit 42 - Latest Cyber Security Research

A conceptual image representing ransomware, such as the ransomware families discussed in this post.

2,516

people reacted

Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report

By Guang Qing He, Cecil Liu, Aiden Huang and Royce Lu
July 28, 2021 at 6:00 AM

7 min. read

A conceptual image representing THOR, a previously unseen PlugX variant deployed by the PKPLUG Group. The image features a Panda because PKPLUG is also known as Mustang Panda. It also features the logos of Palo Alto Networks and Unit 42.

7,071

people reacted

THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group

By Mike Harbison and Alex Hinchliffe
July 27, 2021 at 12:00 PM

13 min. read

9,831

people reacted

Evade Sandboxes With a Single Bit – the Trap Flag

By Mark Lim
July 19, 2021 at 3:30 PM

5 min. read

14,720

people reacted

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

By Robert Falcone, Alex Hinchliffe and Quinn Cooke
July 15, 2021 at 3:00 AM

23 min. read

A conceptual image representing a threat brief, such as this post, covering CVE-2021-34527

12,386

people reacted

Threat Brief: Windows Print Spooler RCE Vulnerability (CVE-2021-34527 AKA PrintNightmare)

By Unit 42
July 14, 2021 at 4:00 PM

2 min. read

A conceptual image representing the REvil threat actors discussed in the post.

33,235

people reacted

Understanding REvil: The Ransomware Gang Behind the Kaseya VSA Attack

By John Martineau
July 6, 2021 at 2:50 PM

7 min. read

17,780

people reacted

Threat Brief: Kaseya VSA Ransomware Attack

By Unit 42
July 3, 2021 at 3:15 PM

2 min. read

A conceptual image representing trends, such as the network attack trends for February-April 2021.

12,227

people reacted

Network Attack Trends: February-April 2021

By Yue Guan, Lei Xu, Vaibhav Singhal and Brock Mammen
July 1, 2021 at 3:00 PM

10 min. read

The Conti ransomware gang gets an overview.

20,416

people reacted

Conti Ransomware Gang: An Overview

By Richard Hickman
June 18, 2021 at 6:00 AM

5 min. read

A conceptual image representing adversaries and their tactics, such as the Matanbuchus malware-as-a-service described here.

20,116

people reacted

Matanbuchus: Malware-as-a-Service with Demonic Intentions

By Jeff White and Kyle Wilhoit
June 16, 2021 at 7:32 AM

9 min. read

A conceptual image representing Prometheus ransomware

30,214

people reacted

Prometheus Ransomware Gang: A Group of REvil?

By Doel Santos
June 9, 2021 at 3:00 AM

9 min. read

A conceptual image representing threats in the cloud, such as TeamTNT, which is expanding its cryptojacking footprint with new TTPs.

21,188

people reacted

TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint

By Nathaniel Quist
June 8, 2021 at 6:00 AM

9 min. read

A conceptual image representing Siloscape, the first known malware targeting Windows containers.

44,620

people reacted

Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments

By Daniel Prizmant
June 7, 2021 at 3:00 AM

11 min. read

A conceptual image representing cloud misconfigurations, which can often be a vector for attackers such as TeamTNT to perform activities such as enumerating cloud environments.

22,976

people reacted

TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations

By Nathaniel Quist
June 4, 2021 at 6:00 AM

13 min. read

A conceptual image representing Docker and related container security issues, such as those revealed by the Docker honeypot discussed here.

26,725

people reacted

Docker Honeypot Reveals Cryptojacking as Most Common Cloud Threat

By Aviv Sasson
May 27, 2021 at 12:00 PM

5 min. read

Highlights from the Unit 42 Cloud Threat Report, 1H 2021

Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Ransomware Families: 2021 Data to Supplement the Unit 42 Ransomware Threat Report

THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group

Evade Sandboxes With a Single Bit – the Trap Flag

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

Threat Brief: Windows Print Spooler RCE Vulnerability (CVE-2021-34527 AKA PrintNightmare)

Understanding REvil: The Ransomware Gang Behind the Kaseya VSA Attack

Threat Brief: Kaseya VSA Ransomware Attack

Network Attack Trends: February-April 2021

Conti Ransomware Gang: An Overview

Matanbuchus: Malware-as-a-Service with Demonic Intentions

Prometheus Ransomware Gang: A Group of REvil?

TeamTNT Using WatchDog TTPs to Expand Its Cryptojacking Footprint

Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments

TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations

Docker Honeypot Reveals Cryptojacking as Most Common Cloud Threat

Popular Resources

Legal Notices

Account

Get updates on Unit 42

Trending

Popular Resources

Legal Notices

Account