Unit 42 - Latest Cyber Security Research

A conceptual image representing targeted attacks, including the type of malware discussed here, dropped by Excel add-ins and Office 4.0 macros.

515

people reacted

Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies

By Yaron Samuel
January 25, 2022 at 6:00 AM

8 min. read

10,574

people reacted

Threat Brief: Ongoing Russia and Ukraine Cyber Conflict

By Robert Falcone, Mike Harbison and Josh Grunzweig
January 20, 2022 at 12:30 PM

8 min. read

A conceptual image representing an adversary, such as the members of the business email compromise ring SilverTerrier, some of whom were arrested in INTERPOL's recent Operation Falcon II

6,167

people reacted

Operation Falcon II: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Ring Members

By Unit 42
January 19, 2022 at 8:00 AM

9 min. read

A conceptual image representing cybercrime, such as the web skimmers discussed in this piece on top web threats.

8,205

people reacted

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More

By Cecilia Hu, Tao Yan, Taojie Wang and Jin Chen
January 13, 2022 at 6:00 PM

8 min. read

A conceptual image representing malicious code, such as the web skimmer malicious JavaScript code injected into video as described here.

21,561

people reacted

A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain

By Taojie Wang, Jin Chen and Tao Yan
January 3, 2022 at 12:00 PM

10 min. read

A conceptual image representing DNS security, such as the strategically aged domain detection system discussed here.

21,915

people reacted

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

By Zhanhao Chen, Daiping Liu, Wanjin Li and Jielong Xu
December 29, 2021 at 6:00 AM

9 min. read

A conceptual image representing network security trends, such as the analysis of network attacks for August-October 2021 provided here.

18,551

people reacted

Network Security Trends: August-October 2021

By Yue Guan
December 21, 2021 at 12:00 PM

10 min. read

A conceptual image representing problems on the web, such as the patient zero web threats discussed here.

22,620

people reacted

Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering

By Peng Peng, Fang Liu, Ben Zhang, Stefan Springer and Oleksii Starov
December 9, 2021 at 6:00 AM

13 min. read

A conceptual image symbolizing cybercrime and the use of backdoors, such as the activity we observed in an APT's TiltedTemple Campaign against ManageEngine ServiceDesk Plus, as discussed here.

36,669

people reacted

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

By Robert Falcone and Peter Renals
December 2, 2021 at 6:00 AM

10 min. read

A conceptual image representing attacks on DNS, including the Wildcard DNS abuse discussed here.

21,595

people reacted

Play Your Cards Right: Detecting Wildcard DNS Abuse

By Rebekah Houser and Daiping Liu
December 1, 2021 at 6:00 AM

10 min. read

A conceptual image representing misconfigurations in the cloud, including insecurely exposed services.

37,143

people reacted

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

By Jay Chen
November 22, 2021 at 12:00 PM

7 min. read

A conceptual image related to the domain name system, in this case applied to an analysis of top-level domains and malicious content.

35,308

people reacted

A Peek into Top-Level Domains and Cybercrime

By Janos Szurdi
November 11, 2021 at 6:00 AM

11 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

64,805

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

18 min. read

A conceptual image representing threats in the cloud, such as TeamTNT, which is expanding its cryptojacking footprint with new TTPs.

61,317

people reacted

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

By Nathaniel Quist
October 29, 2021 at 4:10 PM

9 min. read

A conceptual image representing network scanning, such as the network scanning traffic researchers observed in public clouds.

33,627

people reacted

Network Scanning Traffic Observed in Public Clouds

By Jay Chen
October 28, 2021 at 6:00 AM

6 min. read

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28)

Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies

Threat Brief: Ongoing Russia and Ukraine Cyber Conflict

Operation Falcon II: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Ring Members

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More

A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

Network Security Trends: August-October 2021

Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

Play Your Cards Right: Detecting Wildcard DNS Abuse

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

A Peek into Top-Level Domains and Cybercrime

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

Network Scanning Traffic Observed in Public Clouds

Popular Resources

Legal Notices

Account

Get updates on Unit 42

Trending

Popular Resources

Legal Notices

Account