Unit 42 Archives

34,007

people reacted

Threat Assessment: Black Basta Ransomware

By Amer Elsad
August 25, 2022 at 12:00 PM

12 min. read

A conceptual image representing cybercrime, such as the web skimmers discussed in this piece on top web threats.

33,660

people reacted

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More

By Cecilia Hu, Tao Yan, Taojie Wang and Jin Chen
January 13, 2022 at 6:00 PM

8 min. read

A conceptual image representing malicious code, such as the web skimmer malicious JavaScript code injected into video as described here.

54,586

people reacted

A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain

By Taojie Wang, Jin Chen and Tao Yan
January 3, 2022 at 12:00 PM

10 min. read

A conceptual image representing DNS security, such as the strategically aged domain detection system discussed here.

43,789

people reacted

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

By Zhanhao Chen, Daiping Liu, Wanjin Li and Jielong Xu
December 29, 2021 at 6:00 AM

9 min. read

A conceptual image representing network security trends, such as the analysis of network attacks for August-October 2021 provided here.

36,473

people reacted

Network Security Trends: August-October 2021

By Yue Guan
December 21, 2021 at 12:00 PM

10 min. read

A conceptual image representing a vulnerability, such as the Apache log4j remote code execution vulnerability discussed here, CVE-2021-44228.

281,290

people reacted

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

By Tao Yan, Qi Deng, Haozhe Zhang, Yu Fu, Josh Grunzweig, Mike Harbison and Robert Falcone
December 10, 2021 at 1:00 PM

438

15 min. read

A conceptual image representing problems on the web, such as the patient zero web threats discussed here.

38,475

people reacted

Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering

By Peng Peng, Fang Liu, Ben Zhang, Stefan Springer and Oleksii Starov
December 9, 2021 at 6:00 AM

13 min. read

A conceptual image symbolizing cybercrime and the use of backdoors, such as the activity we observed in an APT's TiltedTemple Campaign against ManageEngine ServiceDesk Plus, as discussed here.

55,847

people reacted

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

By Robert Falcone and Peter Renals
December 2, 2021 at 6:00 AM

10 min. read

A conceptual image representing attacks on DNS, including the Wildcard DNS abuse discussed here.

35,433

people reacted

Play Your Cards Right: Detecting Wildcard DNS Abuse

By Rebekah Houser and Daiping Liu
December 1, 2021 at 6:00 AM

10 min. read

A conceptual image representing misconfigurations in the cloud, including insecurely exposed services.

53,665

people reacted

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

By Jay Chen
November 22, 2021 at 12:00 PM

7 min. read

A conceptual image related to the domain name system, in this case applied to an analysis of top-level domains and malicious content.

51,918

people reacted

A Peek into Top-Level Domains and Cybercrime

By Janos Szurdi
November 11, 2021 at 6:00 AM

11 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

93,148

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

18 min. read

A conceptual image representing threats in the cloud, such as TeamTNT, which is expanding its cryptojacking footprint with new TTPs.

72,999

people reacted

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

By Nathaniel Quist
October 29, 2021 at 4:10 PM

9 min. read

A conceptual image representing network scanning, such as the network scanning traffic researchers observed in public clouds.

42,972

people reacted

Network Scanning Traffic Observed in Public Clouds

By Jay Chen
October 28, 2021 at 6:00 AM

6 min. read

A conceptual image representing malware, such as the BazarLoader windows-based malware discussed here.

52,135

people reacted

Case Study: From BazarLoader to Network Reconnaissance

By Brad Duncan
October 18, 2021 at 6:00 AM

7 min. read

Category: Unit 42

Threat Assessment: Black Basta Ransomware

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More

A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

Network Security Trends: August-October 2021

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

Play Your Cards Right: Detecting Wildcard DNS Abuse

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

A Peek into Top-Level Domains and Cybercrime

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

Network Scanning Traffic Observed in Public Clouds

Case Study: From BazarLoader to Network Reconnaissance

Popular Resources

Legal Notices

Account

Trending

Popular Resources

Legal Notices

Account