Operation Blockbuster goes mobile: Unit 42 identifies cluster of malware samples targeting Samsung devices and Korean language speakers.
The Blockbuster saga continues: Unit 42 researchers disclose attack activity targeting individuals involved with U.S. defense contractors.
The Blockbuster sequel: Unit 42 researchers identify new overlapping threats tied to 2014’s Operation Blockbuster.
Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.
Unit 42 has observed a new version of Hworm (or Houdini) being used within multiple attacks. This blog outlines technical details of this new Hworm version and documents an attack campaign making use of the backdoor. Of the samples used in this attack, the first we observed were June 2016, while as-of publication we were
Unit 42 recently identified a variant of MNKit-weaponized documents being used to deliver LURK0 Gh0st, NetTraveler, and Saker payloads. The documents were delivered to targets involved with universities, NGOs, and political/human rights groups concerning Islam and South Asia. Reuse of this MNKit variant, sender email addresses, email subject lines, attachment filenames, command and control domains,
As previously discussed by Unit 42, banking Trojans have been targeting Brazilian systems for years given the popularity of online banking services in the country. Recently, we analyzed a handful of samples targeting Brazilian systems that exhibited a unique and complex multi-stage loading process. Antivirus detection names for this malware typically are detected as generic
It seems every mainstream news event or holiday has an accompanying phishing campaign. Opportunistic actors hoping to capitalize on the public’s attention are often seen sending phishing e-mails with themes related to the news or the season.. It happened this last holiday season and will likely continue to occur as long as email is around.