The Sofacy group continued their global attack campaigns between October and November, primarily targeting NATO-aligned nation states and former USSR states and delivering Zebrocy or Cannon.
Inception targets Europe with year-old Office vulnerability.
Unit 42 gives a walkthrough of the analysis of the VERMIN malware, details links between the activity observed, and IOCs for all activity discovered.
In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Trojan and the Operation Lotus Blossom attack campaign, which prompted us to start collecting additional samples of Emissary. The oldest sample we found was created in 2009, indicating this
Executive Summary: Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code-named “Scarlet Mimic.” The attacks began over four years ago, and their targeting pattern suggests that this adversary’s primary mission is to gather information about minority rights activists. We do not