Posts created by: Unit 42

Our latest ongoing research into the Silver Terrier Nigerian threat actors shows that attacks increased by 54 percent in 2018 as targeting of high-tech firms and manufacturers surged.
We also show how attackers are using more sophisticated tools like information stealers, remote access tools and obfuscating malware so that it’s only detected 58% of the time. Unit 42 has observed
1.1 million attacks with more than 51,000 malware samples over the four years we have been monitoring this threat actor.

In December 2018, Palo Alto Networks Unit 42 researchers identified an ongoing campaign with a strong focus on the hospitality sector, specifically on hotel reservations. Although our initial analysis didn’t show any novel or advanced techniques, we did observe strong persistence during the campaign that triggered our curiosity.

In February 2019, Palo Alto Networks Unit 42 researchers identified spear phishing emails sent in November 2018 containing new malware that shares infrastructure with playbooks associated with North Korean campaigns. The emails had a malicious Excel macro document attached, which when executed led to a new Microsoft Visual Basic (VB) script-based malware family which we are dubbing “BabyShark”.

One of the most important “innovations” in malware in the past decade is what’s called a Domain Generation Algorithm (“DGA”)”. While DGA has been in use for over 10 years now, it’s still a potent technique that has been a particular challenge for defenders to counter. Fortunately, there are emerging technologies now that can better counter DGAs.

On December 20, 2018 the US Department of Justice indicted two Chinese nationals on charges of computer hacking, conspiracy to commit wire fraud, and aggravated identity theft. The two are alleged members of a hacking group known as menuPass . The compromised organizations were located around the world in industries such as banking and finance, healthcare and medical equipment, government, aerospace, defense, telecommunications, and consumer electronics.  Unit 42 is releasing all IOCs we have associated with menuPass in an effort to provide defenders with an extensive list of their malware and attack infrastructure.

This time every year, people all over the world get new devices. Regardless of what holiday(s) you may (or may not) celebrate, the end of the year is a time for people to give and receive some of the latest devices to come on to the market. Nothing spoils a new gadget more than having

The benefits for enterprises moving to the cloud are clear: greater flexibility, agility, scalability and cost savings. However, adopting public cloud infrastructure can also magnify security risks and compliance challenges. Unit 42’s latest report examines the latest cloud security trends and tips.

Unit 42 reveals new techniques to uncover and attribute Cobalt Gang commodity builders and infrastructure. Read the full report.

New Unit 42 Threat Brief: learn why you should embrace mobile banking with caution.

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered ten vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their October 2018 APSB18-30 security update release.   CVE Vulnerability Category Impact Maximum Severity Rating Researcher(s) CVE-2018-12769 Use After

Get Unit 42’s latest paper detailing the continued growth of Nigerian cybercrime

Unit 42 investigates Rarog, a relatively unknown coin mining Trojan sold on various underground forums.

Threat Brief: unauthorized coin mining – a new threat facing shoppers and retailers this holiday season.

Unit 42 tracks Subaat: a small phishing campaign targeting government organizations.

Read the new Unit 42 Threat Brief for the latest update on Shamoon 2.