In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Trojan and the Operation Lotus Blossom attack campaign, which prompted us to start collecting additional samples of Emissary. The oldest sample we found was created in 2009, indicating this
Executive Summary: Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code named “Scarlet Mimic.” The attacks began over four years ago and their targeting pattern suggests that this adversary’s primary mission is to gather information about minority rights activists. We do not
This post is the second in a blog series describing adversaries and their motivations. In part two of the series, we’ll explore the following top-level actor motivations: Cyber Espionage, Cyber Crime, and Cyber Hacktivism. Adversary Operational Maturity, Targeting, and Key Roles: Before we start, there are some additional concepts that add context to exploring malicious
This is the third and final installment of my blog series differentiating the various kinds of cyber adversaries who are looking to gain access to enterprise and government networks. Follow these links to get to Part 1 and Part 2.
In my previous post, I wrote of my distaste for how loosely the cybersecurity community uses terms like cyber terrorism and cyber crime. There are different motivations driving those who would try to gain unauthorized entry into a corporate network. So let’s take a look at who they are and what drives them to do
This is a pet peeve of mine, but when I hear somebody from the cybersecurity community refer to a web-defacement as cyber warfare, my soul dies a little. Really? A hacktivist converts the corporate logo on a company web site into a Guy Fawkes mask and it’s cyber warfare? Hardly. A criminal steals customer credit