APT Archives - Unit 42

A pictorial representation of the threat actor group Playful Taurus showing an illustration of an orange bull’s head against the background of a blue night sky. Included is the constellation of Taurus.

67,900

people reacted

Chinese Playful Taurus Activity in Iran

By Unit 42
January 18, 2023 at 3:00 AM

66

9 min. read

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

85,506

people reacted

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

By Mike Harbison and Peter Renals
July 19, 2022 at 3:00 AM

57

15 min. read

A conceptual image representing threat groups, used to represent a discussion of threat group naming systems.

54,672

people reacted

Unit 42 Threat Group Naming Update

By Ryan Olson
July 18, 2022 at 2:00 PM

32

4 min. read

GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

68,358

people reacted

GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

By Unit 42
June 13, 2022 at 3:00 AM

42

10 min. read

A conceptual image representing cybercrime, such as the SockDetour backdoor being tracked by Unit 42 in conjunction with the TiltedTemple campaign.

53,316

people reacted

SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors

By Unit 42
February 24, 2022 at 6:00 AM

19

9 min. read

A bear trap accompanied by symbols associated with Russia and Ukraine come together to form a conceptual image for Russia's Gamaredon, aka Primitive Bear, an APT targeting Ukraine.

121,183

people reacted

Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine

By Unit 42
February 3, 2022 at 1:00 PM

63

15 min. read

A conceptual image representing DNS security, such as the strategically aged domain detection system discussed here.

49,672

people reacted

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

By Zhanhao Chen, Daiping Liu, Wanjin Li and Jielong Xu
December 29, 2021 at 6:00 AM

42

9 min. read

A conceptual image symbolizing cybercrime and the use of backdoors, such as the activity we observed in an APT's TiltedTemple Campaign against ManageEngine ServiceDesk Plus, as discussed here.

60,861

people reacted

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

By Robert Falcone and Peter Renals
December 2, 2021 at 6:00 AM

19

10 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

106,995

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

67

18 min. read

40,440

people reacted

Threat Brief: Iranian-Linked Cyber Operations

By Unit 42
January 9, 2020 at 6:00 PM

44

6 min. read

New Indicators of Compromise for APT Group Nitro Uncovered

By Jen Miller-Osborn
October 3, 2014 at 2:00 PM

3

5 min. read