A network of over 130k domains was part of a campaign to deliver shareware, PUPs and other scams. We unravel the threads of this campaign from entry point to payload. The post ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery…
Category: Unit 42
Threat Assessment: BianLian
We analyze the extremely active ransomware group BianLian. Mostly targeting healthcare, they have moved from double-extortion to extortion without encryption. The post Threat Assessment: BianLian appeared first on Unit 42. This article has been indexed from Unit 42 Read the…
Parrot TDS: A Persistent and Evolving Malware Campaign
Traffic detection system Parrot has infected tens of thousands of websites worldwide. We outline the scripting evolution of this injection campaign and its scope. The post Parrot TDS: A Persistent and Evolving Malware Campaign appeared first on Unit 42. This…
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated)
Ivanti VPNs can be exploited by CVE-2023-46805 (High severity) and CVE-2024-21887 (Critical severity), chained together to run commands without authentication. The post Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated) appeared first on Unit 42. This article has been indexed…
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887
Ivanti VPNs can be exploited by CVE-2023-46805 (High severity) and CVE-2024-21887 (Critical severity), chained together to run commands without authentication. The post Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 appeared first on Unit 42. This article has been indexed from…
Financial Fraud APK Campaign
Drawing attention to the ways threat actors steal PII for financial fraud, this article focuses on a malicious APK campaign aimed at Chinese users. The post Financial Fraud APK Campaign appeared first on Unit 42. This article has been indexed…
Medusa Ransomware Turning Your Files into Stone
Medusa ransomware gang has not only escalated activities but launched a leak site. We also analyze new TTPS encountered in an incident response case. The post Medusa Ransomware Turning Your Files into Stone appeared first on Unit 42. This article…
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
Using extractors written in Python, we detail our system for extracting internal malware configurations from memory dumps. GuLoader and RedLine Stealer are our examples. The post Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer appeared first on Unit 42. This…
From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence
From October-December, the activities of DarkGate, Pikabot, IcedID and more were seen and shared with the broader community via social media The post From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence appeared first on…
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes
Two issues in Google Kubernetes Engine (GKE) create a privilege escalation chain. We examine second-stage attacks which exploit the container environment. The post Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized…