Our latest research shows attacks against Middle East government Sharepoint servers using a newly patched vulnerability. In our blog, we provide details of the tools and tactics, explain how we believe these connect to the Emissary Panda threat group, correlate our findings with those of the Saudi Arabian National Cyber Security Center and the Canadian Center for Cyber Security, and provide indicators of compromise (IoCs) from our research.
Unit 42 dissects the EsteemAudit Windows remote desktop exploit.
This Unit 42 blog provides an update on the threat situation surrounding the WanaCrypt0r ransomware attacks. It also well as information on the adversary playbook this attack uses.