Operation Blockbuster Goes Mobile
Operation Blockbuster goes mobile: Unit 42 identifies cluster of malware samples targeting Samsung devices and Korean language speakers.
Posts created by: Anthony Kasza
The Blockbuster Saga Continues
The Blockbuster saga continues: Unit 42 researchers disclose attack activity targeting individuals involved with U.S. defense contractors.
The Blockbuster Sequel
The Blockbuster sequel: Unit 42 researchers identify new overlapping threats tied to 2014’s Operation Blockbuster.
Get updates on Unit 42
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
The Gamaredon Group Toolset Evolution
Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.
Houdini’s Magic Reappearance
Unit 42 has observed a new version of Hworm (or Houdini) being used within multiple attacks. This blog outlines technical details of this new Hworm version and documents an attack campaign making use of the backdoor. Of the samples used in this attack, the first we observed were June 2016, while as-of publication we were
Recent MNKit Exploit Activity Reveals Some Common Threads
Unit 42 recently identified a variant of MNKit-weaponized documents being used to deliver LURK0 Gh0st, NetTraveler, and Saker payloads. The documents were delivered to targets involved with universities, NGOs, and political/human rights groups concerning Islam and South Asia. Reuse of this MNKit variant, sender email addresses, email subject lines, attachment filenames, command and control domains,
Banload Malware Affecting Brazil Exhibits Unusually Complex Infection Process
As previously discussed by Unit 42, banking Trojans have been targeting Brazilian systems for years given the popularity of online banking services in the country. Recently, we analyzed a handful of samples targeting Brazilian systems that exhibited a unique and complex multi-stage loading process. Antivirus detection names for this malware typically are detected as generic
NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails
It seems every mainstream news event or holiday has an accompanying phishing campaign. Opportunistic actors hoping to capitalize on the public’s attention are often seen sending phishing e-mails with themes related to the news or the season.. It happened this last holiday season and will likely continue to occur as long as email is around.