Unit 42: A New Era In Threat Intelligence

Today we would like to officially introduce our new threat intelligence team, Unit 42, and announce the release of our first research paper, 419 Evolution.

Unit 42 uses data collected from the Palo Alto Networks security platform to provide context into an attacker’s motivations and methods. Using our Critical Intelligence Requirements developed by our leadership, we determine what data is necessary to answer questions about threats to Palo Alto Networks and our customers.

We collect this data from both internal and external sources and run it through a detailed threat analysis process. The team, led by our Chief Security Officer Rick Howard, includes a group of experts with deep experience in threat intelligence and is backed by the Palo Alto Networks engineering team. You’ll see the output of Unit 42’s research in the form of white papers as well as regular entries on our blog. If you have any questions about Unit 42 and our mission, check out this FAQ.


419 evolution

The 419 Evolution report describes a series of attacks we first detected in May 2014. The team tracked this activity back to Nigerian actors who had previously been active in launching 419 scams.

The paper shows that these individuals’ tactics have evolved as they’ve begun using Remote Administration Tools (RAT) and other malware tools as part of their attacks. While these actors are not nearly as sophisticated as the top cyber crime and espionage groups in the world, we believe they represent an emerging threat to businesses. The paper details the tools and infrastructure used in the attack, including NetWire, a commercially available RAT.

The full 419 Evolution report is available to download here.

Meet Us At Black Hat

Unit 42 is part of a big Palo Alto Networks presence at Black Hat USA 2014, which kicks off in just two weeks. You can see full details of where to find us at Black Hat here, and Unit 42 members will be available in our booth and throughout the conference to take your questions and introduce you to our research and intelligence process.