Data leaks impacting Chinese IT security services company i-Soon reveal links to prior Chinese-affiliated APT campaigns found in the data. We summarize our findings. The post Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns appeared…
Category: Unit 42
Intruders in the Library: Exploring DLL Hijacking
Dynamic-link library (DLL) hijacking remains a popular technique to run malware. We address its evolution using examples from the realm of cybercrime and more. The post Intruders in the Library: Exploring DLL Hijacking appeared first on Unit 42. This article…
Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
CVE-2024-1708 and CVE-2024-1709 affect ConnectWise remote desktop application ScreenConnect. This Threat Brief covers attack scope and includes our telemetry. The post Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) appeared first on Unit 42. This article has been indexed from…
2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics
Fundamental insights from Unit 42’s 2024 Incident Response report are summarized here. The post 2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics appeared first on Unit 42. This article has been indexed from Unit 42…
Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)
Insidious Taurus, aka Volt Typhoon, is a nation-state TA attributed to the People’s Republic of China. We provide an overview of their current activity and mitigations recommendations. The post Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt…
New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
New zero-day vulnerability CVE-2023-50358 affects QNAP Network Attached Storage (NAS) devices. Our analysis includes its impact determined by our product data. The post New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 appeared first on Unit 42. This article has been indexed…
Diving Into Glupteba’s UEFI Bootkit
A 2023 Glupteba campaign includes an unreported feature — a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved. The post Diving Into Glupteba's UEFI Bootkit appeared first on Unit 42. This article has been indexed…
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings. The post Ransomware Retrospective 2024: Unit 42 Leak Site Analysis appeared first on Unit…
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings. The post Ransomware Retrospective 2024: Unit 42 Leak Site Analysis appeared first on Unit…
Exploring the Latest Mispadu Stealer Variant
Evaluation of a new variant of Mispadu, a banking Trojan, highlights how infostealers evolve over time and can be hard to pin to past campaigns. The post Exploring the Latest Mispadu Stealer Variant appeared first on Unit 42. This article…