Posts created by: Mike Harbison

Chinese PlugX Malware Hidden in Your USB Devices?

  • By Mike Harbison and Jen Miller-Osborn
  • January 26, 2023 at 6:00 AM

12 min. read

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

  • By Mike Harbison and Peter Renals
  • July 19, 2022 at 3:00 AM

15 min. read

When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors

  • By Mike Harbison and Peter Renals
  • July 5, 2022 at 6:00 AM

15 min. read

Threat Brief: Ongoing Russia and Ukraine Cyber Activity

  • By Robert Falcone, Mike Harbison and Josh Grunzweig
  • January 20, 2022 at 12:30 PM

8 min. read

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

  • By Tao Yan, Qi Deng, Haozhe Zhang, Yu Fu, Josh Grunzweig, Mike Harbison and Robert Falcone
  • December 10, 2021 at 1:00 PM

15 min. read

THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group

  • By Mike Harbison and Alex Hinchliffe
  • July 27, 2021 at 12:00 PM

13 min. read

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech

  • By Mike Harbison
  • February 9, 2021 at 3:00 AM

16 min. read

Threat Brief: Microsoft Vulnerability CVE-2020-16898

  • By Mike Harbison and Brandon Young
  • October 14, 2020 at 12:45 PM

2 min. read

Threat Brief: Microsoft Vulnerability CVE-2020-1472 “Zerologon”

  • By Brandon Young and Mike Harbison
  • September 17, 2020 at 2:00 PM

2 min. read

Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350

  • By Mike Harbison and Brandon Young
  • July 21, 2020 at 11:30 AM

< 1 min. read

Threat Brief: Microsoft SMBv3 Wormable Vulnerability CVE-2020-0796

  • By Mike Harbison and Brandon Young
  • March 11, 2020 at 10:15 AM

2 min. read

Cortex XDR™ Detects New Phishing Campaign Installing NetSupport Manager RAT

  • By Mike Harbison, Brittany Barbehenn and Bryan Lee
  • February 27, 2020 at 6:00 AM

9 min. read

Threat Brief: Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601

  • By Brandon Young and Mike Harbison
  • January 17, 2020 at 1:46 PM

2 min. read

Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia

  • By Jen Miller-Osborn and Mike Harbison
  • December 17, 2019 at 5:30 AM

7 min. read

TrickBot Campaign Uses Fake Payroll Emails to Conduct Phishing Attacks

  • By Bryan Lee, Brittany Barbehenn and Mike Harbison
  • December 9, 2019 at 6:00 AM

7 min. read

© 2023 Palo Alto Networks, Inc. All rights reserved.