Kaoru Hayashi, Author at Unit42

Analysis of Smoke Loader in New Tsunami Campaign

Unit 42’s research on Smoke Loader, a malware that encrypts network traffic and files with various keys to avoid analysis

By Kaoru Hayashi
December 19, 2018 at 8:12 PM

Bisonal Malware Used in Attacks Against Russia and South Korea

Unit 42 takes a look at how Bisonal Malware was used in attacks against Russia and South Korea. Read the full report.

By Kaoru Hayashi and Vicky Ray
July 31, 2018 at 5:00 AM

Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems

Recently, Palo Alto Networks Unit 42 discovered the Tick group targeted a specific type of secure USB drive created by a South Korean defense company

By Kaoru Hayashi and Mike Harbison
June 22, 2018 at 1:00 PM

UBoatRAT Navigates East Asia

Unit 42 uncovers UBoatRAT, a new custom Remote Access Trojan navigating through East Asia.

By Kaoru Hayashi
November 28, 2017 at 1:00 PM

“Tick” Group Continues Attacks

New Unit 42 research on the “Tick” group’s espionage attacks targeting organizations in Japan and Korea.

By Kaoru Hayashi
July 24, 2017 at 6:00 PM

Banking Trojans: Ursnif Global Distribution Networks Identified

Unit 42 analyzes the Ursnif banking Trojan.

By Kaoru Hayashi
February 15, 2017 at 9:00 PM

MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies

(This blog post is also available in Japanese.) In June 2016, Unit 42 published the blog post “Tracking Elirks Variants in Japan: Similarities to Previous Attacks”, in which we described the resemblance of attacks using the Elirks malware family in Japan and Taiwan. Since then, we continued tracking this threat using Palo Alto Networks AutoFocus

By Kaoru Hayashi
September 14, 2016 at 5:00 PM

Tracking Elirks Variants in Japan: Similarities to Previous Attacks

A recent, well-publicized attack on a Japanese business involved two malware families, PlugX and Elirks, that were found during the investigation. PlugX has been used in a number of attacks since first being discovered in 2012, and we have published several articles related to its use, including an analysis of an attack campaign targeting Japanese

By Kaoru Hayashi
June 23, 2016 at 4:00 PM

KRBanker Targets South Korea Through Adware and Exploit Kits

Online banking services have been a prime target of cyber criminals for many years and attacks continue to grow. Targeting online banking users and stealing their credentials has yielded huge profits for the criminals behind these campaigns. Unit 42 has been tracking “KRBanker” AKA ‘Blackmoon’, since late last year. This campaign specifically targets banks of

By Kaoru Hayashi and Vicky Ray
May 9, 2016 at 6:30 AM

New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan

On December 24, 2015, Unit 42 identified a targeted attack, delivered via email, on a high profile Indian diplomat, an Ambassador to Afghanistan. The body and content of the email suggest that it was crafted and spoofed to look like it was sent by the current Defence Minister of India, Mr. Manohar Parrikar, commending the

By Vicky Ray and Kaoru Hayashi
February 29, 2016 at 5:00 PM

Posts created by: Kaoru Hayashi