Posts created by: Tom Lancaster

Inception targets Europe with year old office vulnerability. Read the full report.

Unit 42 uncovers DarkHydrus, a new threat actor group targeting Middle East government.

Unit 42 investigates the RANCOR group’s use of DDKONG and PLAINTEE malware families to deliver targeted espionage attacks in South East Asia

Unit 42 goes inside the coop with new analysis and additional information on malicious HenBox applications

Unit 42 discovers HenBox, an Android Malware family masquerading as legitimate apps on third-party app stores.

Unit 42 gives a walkthrough of the analysis of the VERMIN malware, details links between the activity observed, and IOCs for all activity discovered.

Unit 42 discovers MuddyWater, a threat group targeting entities in the Middle East and beyond.

Unit 42 examines the continued effectiveness of Paranoid PlugX malware.

This post explores how the attackers attempt to gain a foothold into target networks before briefly describing the malware families used.

Taiwan has been a regular target of cyber espionage threat actors for a number of years. Reasons for Taiwan being targeted range from being one of the sovereign states of the disputed South China Sea region to its emerging economy and growth with Taiwan being one of the most innovative countries in the High-Tech industry

Introduction When malware wants to communicate home, most use domain names, allowing them to resolve host names to IP addresses of their servers. In order to increase the likelihood of their malware successfully communicating home, cyber espionage threat actors are increasingly abusing legitimate web services, in lieu of DNS lookups to retrieve a command and