We analyze recent samples of BunnyLoader 3.0 to illuminate this malware’s evolved and upscaled capabilities, including its new downloadable module system. The post Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled appeared first on Unit 42. This article has been indexed…
Threat Group Assessment: Muddled Libra (Updated)
Muddled Libra continues to evolve. The group invests significant time in breaking down organizational defenses, from social engineering to adopting new technologies.
Wireshark Tutorial: Exporting Objects From a Pcap
This Wireshark tutorial guides the reader through exporting different kinds of objects from a packet capture. It builds on a foundation of malware traffic analysis skills.
The Art of Domain Deception: Bifrost’s New Tactic to Deceive Users
The Bifrost RAT has a new Linux variant that leverages a deceptive domain to compromise systems. We analyze this expanded attack surface.
Navigating the Cloud: Exploring Lateral Movement Techniques
We illuminate lateral movement techniques observed in the wild within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.
Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns
Data leaked from Chinese IT security services company i-Soon reveals links to prior Chinese-affiliated APT campaigns. We summarize our findings.
Intruders in the Library: Exploring DLL Hijacking
Dynamic-link library (DLL) hijacking remains a popular technique for running malware. We trace its evolution using examples from cybercrime and beyond.
Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
CVE-2024-1708 and CVE-2024-1709 affect ScreenConnect, the ConnectWise remote desktop application. This Threat Brief covers the attack scope and includes our telemetry.
2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics
Fundamental insights from Unit 42’s 2024 Incident Response report are summarized here.
Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)
Insidious Taurus, aka Volt Typhoon, is a nation-state threat actor attributed to the People’s Republic of China. We provide an overview of their current activity and mitigation recommendations.