Unit 42 has discovered a new version of CardinalRat which we first discovered in 2016. This new version targets financial technology companies, primarily in Israel. It includes new anti-analysis capabilities, including the use of steganography. In addition to our research, we include a new Python script to decrypt the steganographic payload.
Since at least 2015, a suspected South Asian threat grouping known as BITTER has been targeting Pakistan and Chinese organizations using variants of a previously unreported downloader. We have named this malware family ArtraDownloader. Starting in September 2018 and continuing through the beginning of 2019, BITTER launched a wave of attacks targeting Pakistan and Saudi Arabia. This is the first reported instance of BITTER targeting Saudi Arabia.
Unit 42 uncovers a campaign leveraging a previously unreported customized dropper used to deliver lures primarily pertaining to the South Korean and North Korea region.
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report.
Unit 42 uncovers NOKKI, a type of malware with ties to the previously discovered KONNI malware family, used to attack Eurasia and Southeast Asia.
Slithering between nation state and cybercrime: Unit 42 examines the Gorgon Group’s unsophisticated yet effective attacks. Read the full report.
Unit 42 investigates the RANCOR group’s use of DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia
Unit 42 investigates the rise of cryptocurrency miners.
Unit 42 unravels TheBottle’s activities and his newest malware family
Unit 42 observes the Patchwork group continuing to use weaponized legitimate documents to deliver their updated BADNEWS payload.
Unit 42 discovers ComboJack, a new currency stealer that alters clipboards to steal cryptocurrency.
Unit 42 observes Russian BitTorrent site covertly mining Monero cryptocurrency to its users
Unit 42 tracks a series of attacks that use a remote backdoor malware family named Comnie
Unit 42 observes a wave of attacks leveraging popular third party services to deliver malicious decoy documents.
Unit 42 analyzes a large-scale Monero cryptocurrency mining operation that leverages the open source XMRig utility.
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.