Unit 42 Archives

A conceptual image representing malware, such as IronNetInjector, discussed in this blog, Turla's new malware loading tool.

14,714

people reacted

IronNetInjector: Turla’s New Malware Loading Tool

By Dominik Reichel
February 19, 2021 at 6:00 AM

10 min. read

This conceptual image illustrates cryptojacking, such as the WatchDog cryptojacking compaign discussed in this blog.

12,813

people reacted

WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years

By Nathaniel Quist
February 17, 2021 at 6:00 AM

16 min. read

Threat brief conceptual image, covering analysis and mitigations of vulnerabilities such as CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094

29,743

people reacted

Threat Brief: Windows IPv4 and IPv6 Stack Vulnerabilities (CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094)

By Abisheik Ganesan
February 9, 2021 at 2:30 PM

6 min. read

BendyBear, conceptually illustrated here, is novel Chinese shellcode linked with cyber espionage group BlackTech.

28,515

people reacted

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech

By Mike Harbison
February 9, 2021 at 3:00 AM

16 min. read

Conceptual image representing a vulnerability, such as CVE-2020-25213, discussed here.

16,112

people reacted

Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)

By Nadav Markus, Efi Barkayev and Gal De Leon
February 5, 2021 at 3:00 PM

2 min. read

This conceptual image covers the concept of container security. Attacks on containers, such as that of the Hildegard malware detailed here, can allow attackers access to a large amount of computing resources.

25,741

people reacted

Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

By Jay Chen, Aviv Sasson and Ariel Zelivansky
February 3, 2021 at 6:00 AM

10 min. read

20,980

people reacted

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

By Aviv Sasson
January 28, 2021 at 6:00 AM

7 min. read

The conceptual image represents internet attack trends such as those discussed here, including scanner activities and HTTP directory traversal exploitation attempts.

18,128

people reacted

Network Attack Trends: Internet of Threats

By Yue Guan, Lei Xu, Ken Hsu and Zhibin Zhang
January 22, 2021 at 6:00 AM

8 min. read

The word "Tutorial," superimposed over an image used in the Wireshark Tutorial series.

31,478

people reacted

Wireshark Tutorial: Examining Emotet Infection Traffic

By Brad Duncan
January 19, 2021 at 6:00 AM

15 min. read

This conceptual image illustrates the concept of cloud providers.

20,341

people reacted

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

By Michael Bailey
January 12, 2021 at 6:00 AM

6 min. read

The BumbleBee webshell, conceptually illustrated here, was discovered as part of an investigation of the continued xHunt campaign.

23,414

people reacted

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

By Robert Falcone
January 11, 2021 at 12:01 AM

25 min. read

The image represents malicious email campaigns, such as TA551, often push a variety of malware, such as Valak and IcedID.

25,239

people reacted

TA551: Email Attack Campaign Switches from Valak to IcedID

By Brad Duncan
January 7, 2021 at 12:01 AM

9 min. read

A conceptual image illustrating the concept of DNS vulnerabilities through a set of folders with one opened by an attacker.

29,361

people reacted

The History of DNS Vulnerabilities and the Cloud

By Daniel Prizmant
December 28, 2020 at 6:00 AM

14 min. read

A conceptual image illustrating the concept of a cyberattack with widespread global effects, such as the suspected nation-state attack detailed in this SolarStorm timeline summary.

57,904

people reacted

SolarStorm Supply Chain Attack Timeline

By Unit 42
December 23, 2020 at 9:15 AM

11 min. read

Kubernetes, vulnerability CVE-2020-8554, conceptual image

32,928

people reacted

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

By Yuval Avrahami
December 21, 2020 at 3:30 PM

7 min. read

Category: Unit 42

IronNetInjector: Turla’s New Malware Loading Tool

WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years

Threat Brief: Windows IPv4 and IPv6 Stack Vulnerabilities (CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094)

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech

Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)

Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

Network Attack Trends: Internet of Threats

Wireshark Tutorial: Examining Emotet Infection Traffic

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

TA551: Email Attack Campaign Switches from Valak to IcedID

The History of DNS Vulnerabilities and the Cloud

SolarStorm Supply Chain Attack Timeline

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

Popular Resources

Legal Notices

Account

Trending

Popular Resources

Legal Notices

Account