Tom Lancaster, Author at Unit42

Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms

Unit 42 has discovered a new version of CardinalRat which we first discovered in 2016. This new version targets financial technology companies, primarily in Israel. It includes new anti-analysis capabilities, including the use of steganography. In addition to our research, we include a new Python script to decrypt the steganographic payload.

By Tom Lancaster and Josh Grunzweig
March 19, 2019 at 6:00 AM

Inception Attackers Target Europe with Year-old Office Vulnerability

Inception targets Europe with year old office vulnerability. Read the full report.

By Tom Lancaster
November 5, 2018 at 8:00 AM

New Threat Actor Group DarkHydrus Targets Middle East Government

Unit 42 uncovers DarkHydrus, a new threat actor group targeting Middle East government.

By Robert Falcone, Bryan Lee and Tom Lancaster
July 27, 2018 at 4:15 PM

RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families

Unit 42 investigates the RANCOR group’s use of DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia

By Brittany Ash, Josh Grunzweig and Tom Lancaster
June 26, 2018 at 5:00 AM

HenBox: Inside the Coop

Unit 42 goes inside the coop with new analysis and additional information on malicious HenBox applications

By Alex Hinchliffe, Mike Harbison, Jen Miller-Osborn and Tom Lancaster
April 26, 2018 at 5:00 AM

HenBox: The Chickens Come Home to Roost

Unit 42 discovers HenBox, an Android Malware family masquerading as legitimate apps on third-party app stores.

By Alex Hinchliffe, Mike Harbison, Jen Miller-Osborn and Tom Lancaster
March 13, 2018 at 5:00 AM

VERMIN: Quasar RAT and Custom Malware Used In Ukraine

Unit 42 gives a walkthrough of the analysis of the VERMIN malware, details links between the activity observed, and IOCs for all activity discovered.

By Tom Lancaster and Juan Cortes
January 29, 2018 at 5:00 AM

Muddying the Water: Targeted Attacks in the Middle East

Unit 42 discovers MuddyWater, a threat group targeting entities in the Middle East and beyond.

By Tom Lancaster
November 14, 2017 at 1:00 PM

Paranoid PlugX

Unit 42 examines the continued effectiveness of Paranoid PlugX malware.

By Tom Lancaster and Esmid Idrizovic
June 27, 2017 at 5:00 AM

Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA

This post explores how the attackers attempt to gain a foothold into target networks before briefly describing the malware families used.

By Tomer Bar and Tom Lancaster
April 5, 2017 at 5:00 AM

Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy

Taiwan has been a regular target of cyber espionage threat actors for a number of years. Reasons for Taiwan being targeted range from being one of the sovereign states of the disputed South China Sea region to its emerging economy and growth with Taiwan being one of the most innovative countries in the High-Tech industry

By Vicky Ray, Robert Falcone, Jen Miller-Osborn and Tom Lancaster
November 22, 2016 at 3:30 AM

Confucius Says…Malware Families Get Further By Abusing Legitimate Websites

Introduction When malware wants to communicate home, most use domain names, allowing them to resolve host names to IP addresses of their servers. In order to increase the likelihood of their malware successfully communicating home, cyber espionage threat actors are increasingly abusing legitimate web services, in lieu of DNS lookups to retrieve a command and

By Tom Lancaster and Micah Yates
September 28, 2016 at 10:10 AM

Posts created by: Tom Lancaster