APT Archives - Unit 42

A pictorial representation of threat actor tracking showing a blackboard and books.

23,589

people reacted

It’s All in the Name: How Unit 42 Defines and Tracks Threat Adversaries

By Unit 42
May 15, 2023 at 6:00 AM

3

4 min. read

A pictorial representation of Alloy Taurus with a bull's head against the Taurus constellation in a night sky.

55,375

people reacted

Chinese Alloy Taurus Updates PingPull Malware

By Unit 42
April 26, 2023 at 3:00 AM

15

6 min. read

A pictorial representation of the threat actor group Playful Taurus showing an illustration of an orange bull’s head against the background of a blue night sky. Included is the constellation of Taurus.

72,488

people reacted

Chinese Playful Taurus Activity in Iran

By Unit 42
January 18, 2023 at 3:00 AM

66

9 min. read

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

88,443

people reacted

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

By Mike Harbison and Peter Renals
July 19, 2022 at 3:00 AM

58

15 min. read

A conceptual image representing threat groups, used to represent a discussion of threat group naming systems.

56,037

people reacted

Unit 42 Threat Group Naming Update

By Ryan Olson
July 18, 2022 at 2:00 PM

32

4 min. read

GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

72,997

people reacted

GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool

By Unit 42
June 13, 2022 at 3:00 AM

42

10 min. read

A conceptual image representing cybercrime, such as the SockDetour backdoor being tracked by Unit 42 in conjunction with the TiltedTemple campaign.

57,940

people reacted

SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors

By Unit 42
February 24, 2022 at 6:00 AM

19

9 min. read

A bear trap accompanied by symbols associated with Russia and Ukraine come together to form a conceptual image for Russia's Gamaredon, aka Primitive Bear, an APT targeting Ukraine.

128,084

people reacted

Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine

By Unit 42
February 3, 2022 at 1:00 PM

63

15 min. read

A conceptual image representing DNS security, such as the strategically aged domain detection system discussed here.

51,411

people reacted

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

By Zhanhao Chen, Daiping Liu, Wanjin Li and Jielong Xu
December 29, 2021 at 6:00 AM

43

9 min. read

A conceptual image symbolizing cybercrime and the use of backdoors, such as the activity we observed in an APT's TiltedTemple Campaign against ManageEngine ServiceDesk Plus, as discussed here.

62,403

people reacted

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

By Robert Falcone and Peter Renals
December 2, 2021 at 6:00 AM

19

10 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

110,700

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

68

18 min. read

41,271

people reacted

Threat Brief: Iranian-Linked Cyber Operations

By Unit 42
January 9, 2020 at 6:00 PM

44

6 min. read

New Indicators of Compromise for APT Group Nitro Uncovered

By Jen Miller-Osborn
October 3, 2014 at 2:00 PM

3

5 min. read