Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth. The post The Covert Operator's Playbook: Infiltration of Global Telecom Networks appeared first…
Category: Unit 42
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 25)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 25) appeared first on Unit 42. This article has been…
The Ηоmоgraph Illusion: Not Everything Is As It Seems
A subtle yet dangerous email attack vector: homograph attacks. Threat actors are using visually similar, non-Latin characters to bypass security filters. The post The Ηоmоgraph Illusion: Not Everything Is As It Seems appeared first on Unit 42. This article has…
Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful
Muddled Libra (Scattered Spider, UNC3944) is evolving. Get the latest insights and defensive recommendations based on Unit 42 incident response cases. The post Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful appeared first on Unit 42. This article has been…
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 24)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 24) appeared first on Unit 42. This article has been…
Cloud Logging for Security and Beyond
Cloud logging is essential for security and compliance. Learn best practices when navigating AWS, Azure or GCP for comprehensive visibility into your environment. The post Cloud Logging for Security and Beyond appeared first on Unit 42. This article has been…
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 22)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 22) appeared first on Unit 42. This article has been…
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief
Unit 42 has observed an active exploitation of recent Microsoft SharePoint Vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief appeared first on Unit 42. This article has been indexed from…
Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication
CL-STA-1020 targets Southeast Asian governments using a novel Microsoft backdoor we call HazyBeacon. It misuses AWS Lambda URLs for C2. The post Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication appeared first on Unit…
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques
SLOW#TEMPEST malware uses dynamic jumps and obfuscated calls to evade detection. Unit 42 details these techniques and how to defeat them with emulation. The post Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques appeared first on Unit…