Category: Unit 42

IronNetInjector: Turla’s New Malware Loading Tool

  • By Dominik Reichel
  • February 19, 2021 at 6:00 AM

10 min. read

WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years

  • By Nathaniel Quist
  • February 17, 2021 at 6:00 AM

16 min. read

Threat Brief: Windows IPv4 and IPv6 Stack Vulnerabilities (CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094)

  • By Abisheik Ganesan
  • February 9, 2021 at 2:30 PM

6 min. read

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech

  • By Mike Harbison
  • February 9, 2021 at 3:00 AM

16 min. read

Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)

  • By Nadav Markus, Efi Barkayev and Gal De Leon
  • February 5, 2021 at 3:00 PM

2 min. read

Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

  • By Jay Chen, Aviv Sasson and Ariel Zelivansky
  • February 3, 2021 at 6:00 AM

10 min. read

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

  • By Aviv Sasson
  • January 28, 2021 at 6:00 AM

7 min. read

Network Attack Trends: Internet of Threats

  • By Yue Guan, Lei Xu, Ken Hsu and Zhibin Zhang
  • January 22, 2021 at 6:00 AM

8 min. read

Wireshark Tutorial: Examining Emotet Infection Traffic

  • By Brad Duncan
  • January 19, 2021 at 6:00 AM

15 min. read

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

  • By Michael Bailey
  • January 12, 2021 at 6:00 AM

6 min. read

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

  • By Robert Falcone
  • January 11, 2021 at 12:01 AM

25 min. read

TA551: Email Attack Campaign Switches from Valak to IcedID

  • By Brad Duncan
  • January 7, 2021 at 12:01 AM

9 min. read

The History of DNS Vulnerabilities and the Cloud

  • By Daniel Prizmant
  • December 28, 2020 at 6:00 AM

14 min. read

SolarStorm Supply Chain Attack Timeline

  • By Unit 42
  • December 23, 2020 at 9:15 AM

11 min. read

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

  • By Yuval Avrahami
  • December 21, 2020 at 3:30 PM

7 min. read
