In previous posts we have discussed how AutoFocus accelerates the analysis, hunting, and incident response workflows by providing full context for threat events seen on your network, as well as high-level visibility into how targeted a threat is against you or your industry peers. This visibility into the threat landscape enables teams to move away
We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after
Introduction Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool. It has strong behavioral ties to Ke3chang
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Malware writers have always sought to develop feature-rich, easy to use tools that are also somewhat hard to detect via both host- and network-based detection systems. For many years, one of the go-to families of malware used by both less-skilled and advanced actors has been the Poison Ivy (aka PIVY) RAT. Poison Ivy has a
Unit 42 recently published a blog on a newly identified Trojan called Bookworm, which discussed the architecture and capabilities of the malware and alluded to Thailand being the focus of the threat actors’ campaigns. In this blog, we will discuss the current attack campaign along with the associated threat infrastructure and the actor’s tactics, techniques
Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have