Unit 42 investigates how attackers created fake versions of some well-known and well-trusted websites, and how those fakes were used in phishing emails sent to unsuspecting victims. Read the Threat Brief to learn more.
Unit 42 uncovers over 4,000 URLs from 262 unique domains used in phishing attacks between January and March of 2018.
Recent Dimnie activity uses phishing emails to target open source developers on GitHub.
Unit 42’s continued investigation into Shamoon 2 has unearthed more details about the method by which the threat actors delivered the Disttrack payload.
Unit 42 researchers recently observed an unusually clever spambot’s attempts to increase delivery efficacy by abusing reputation blacklist service APIs. Rather than sending spam as soon as the host is infected, the bot checks common blacklists to confirm its e-mails will actually be delivered, and if not, shuts itself down. This spambot, commonly downloaded by
Threat actors tend to reuse certain tools, a trend we observed during recent Unit 42 research published on MNKit. In this post, we will discuss a fresh toolkit, which on the surface, appeared similar to MNKit, but functionally was found to be quite different. This toolkit, which we named “HOMEKit”, is similar to MNKit in
It seems every mainstream news event or holiday has an accompanying phishing campaign. Opportunistic actors hoping to capitalize on the public’s attention are often seen sending phishing e-mails with themes related to the news or the season. It happened this last holiday season and will likely continue to occur as long as email is around.