Unit 42 - Latest Cyber Security Research | Palo Alto Networks

A pictorial representation of malware analyzed via configuration extractors. An open laptop against a dark background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

2

people reacted

Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer

Using extractors written in Python, we detail our system for extracting internal malware configurations from memory dumps. GuLoader and RedLine Stealer are our examples.

GuLoader and RedLine Stealer Analysis

0

6 min. read

Cloud Threats: Original Research and In-Depth Analysis

Cloud Threats: Original Research and In-Depth Analysis

Learn more

Threat Vector: The Unit 42 Podcast

Threat Vector: The Unit 42 Podcast

Listen

A pictorial representation of malware analyzed via configuration extractors. An open laptop against a dark background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

2

people reacted

Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer

By Mark Lim and Zong-Yu Wu
January 5, 2024 at 3:00 AM

0

6 min. read

From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence

4,029

people reacted

From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence

By Samantha Stallings and Brad Duncan
December 29, 2023 at 6:00 AM

28

9 min. read

A pictorial representation of misconfiguration or overprivileged components in Kubernetes.

3,840

people reacted

Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes

By Shaul Ben Hai
December 27, 2023 at 6:00 AM

21

11 min. read

A pictorial representation of malware distributed via JavaScript. An open laptop against an orange background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

3,435

people reacted

Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets

By Billy Melicher, Nabeel Mohamed and Alex Starov
December 20, 2023 at 3:00 AM

30

9 min. read

A pictorial representation of malicious stockpiled domains.

4,082

people reacted

Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

By Janos Szurdi, Shehroze Farooqi and Nabeel Mohamed
December 15, 2023 at 3:00 PM

30

13 min. read

A stylized portrayal of APT Fighting Ursa. The marks from bear claws in bright orange against the backdrop of a night sky.

9,201

people reacted

Fighting Ursa Aka APT28: Illuminating a Covert Campaign

By Unit 42
December 7, 2023 at 6:00 AM

42

6 min. read

A pictorial representation of malware like Agent Racoon, Ntospy and Mimilite. An open laptop against a blue background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

10,666

people reacted

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

By Chema Garcia
December 1, 2023 at 3:00 AM

45

14 min. read

A pictorial representation of a vulnerability such as that found in Google Workspace. A stylized cloud with a lock hanging from it surrounded by technical tools. The Palo Alto Networks and Unit 42 logos.

4,061

people reacted

Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature

By Zohar Zigdon
November 30, 2023 at 3:00 PM

17

10 min. read

15,058

people reacted

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

By Unit 42
November 21, 2023 at 6:00 AM

119

17 min. read

A pictorial representation of Stately Taurus. The head of a bull inset on a red circle. The constellation of taurus. These elements are surrounded by a starry night sky.

7,644

people reacted

Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific

By Unit 42
November 17, 2023 at 3:00 AM

91

6 min. read

A pictorial representation of a vulnerability like CVE-2023-36884, CVE-2023-36584,. A laptop screen displays lines of text. A magnifying glass examining the screen has within it a warning icon.

9,029

people reacted

In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584

By Eli Birkan, Dan Yashnik, Oriel Cochavi, Bar Lahav and Mike Harbison
November 13, 2023 at 3:00 AM

77

18 min. read

A collection of icons representing the dangers of clickbait sites. Warning icons, a figure wearing a mask, phishing and more. The Palo Alto Networks and Unit 42 logos.

3,583

people reacted

High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites

By Shresta Bellary Seetharam, Tao Yan, Nabeel Mohamed, Tim Hofmockel, Alex Starov and Brad Duncan
November 9, 2023 at 12:00 PM

48

8 min. read

A pictorial representation of a Chinese APT targeting Cambodian government entities. A world map with location markers. Around it are icon of types of attacks: bugs, hacking, and other indicators of tools such as graphs.

9,868

people reacted

Chinese APT Targeting Cambodian Government

By Unit 42
November 7, 2023 at 9:01 PM

48

5 min. read

Pictorial representation of the APT Agonizing Serpens. An illustrated orange and red snake is highlighted by a red circle against a night sky. The constellation serpens.

10,265

people reacted

Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors

By Or Chechik, Tom Fakterman, Daniel Frank and Assaf Dahan
November 6, 2023 at 3:00 AM

53

19 min. read

Threat brief conceptual image for CVE-2023-4966 affecting Citrix/NetScaler. A long scroll with data and text floats before an orange background.

7,864

people reacted

Threat Brief: Citrix Bleed CVE-2023-4966

By Unit 42
November 1, 2023 at 3:00 PM

18

5 min. read