Drawing attention to the ways threat actors steal PII for financial fraud, this article focuses on a malicious APK campaign aimed at Chinese users. The post Financial Fraud APK Campaign appeared first on Unit 42. This article has been indexed…
Category: Unit 42
Medusa Ransomware Turning Your Files into Stone
Medusa ransomware gang has not only escalated activities but launched a leak site. We also analyze new TTPS encountered in an incident response case. The post Medusa Ransomware Turning Your Files into Stone appeared first on Unit 42. This article…
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
Using extractors written in Python, we detail our system for extracting internal malware configurations from memory dumps. GuLoader and RedLine Stealer are our examples. The post Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer appeared first on Unit 42. This…
From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence
From October-December, the activities of DarkGate, Pikabot, IcedID and more were seen and shared with the broader community via social media The post From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence appeared first on…
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes
Two issues in Google Kubernetes Engine (GKE) create a privilege escalation chain. We examine second-stage attacks which exploit the container environment. The post Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized…
Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets
Malicious JavaScript is used to steal PPI via survey sites, web chat APIs and more. We detail how JavaScript malware is implemented and evades detection. The post Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript…
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains
Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams. The post Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains appeared first on Unit 42. This…
Fighting Ursa Aka APT28: Illuminating a Covert Campaign
In three campaigns over the past 20 months, Russian APT Fighting Ursa has targeted over 30 organizations of likely strategic intelligence value using CVE-2023-23397. The post Fighting Ursa Aka APT28: Illuminating a Covert Campaign appeared first on Unit 42. This…
New Tool Set Found Used Against Organizations in the Middle East, Africa and the US
A new toolset comprised of malware (Agent Raccoon and Ntospy) and a custom version of Mimikatz (Mimilite) was used to target organizations in the U.S., Middle East and Africa. The post New Tool Set Found Used Against Organizations in the…
New Tool Set Found Used Against Middle East, Africa and the US
A new toolset comprised of malware (Agent Raccoon and Ntospy) and a custom version of Mimikatz (Mimilite) was used to target organizations in the U.S., Middle East and Africa. The post New Tool Set Found Used Against Middle East, Africa…