We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors. The post Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors appeared first on…
Tag: Unit 42
Phishing Pages Delivered Through Refresh HTTP Response Header
We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors. The post Phishing Pages Delivered Through Refresh HTTP Response Header appeared first on Unit…
Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
Repellent Scorpius distributes Cicada3301 ransomware, using double extortion and targeting global victims since May 2024. We break down their toolset and more. The post Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware appeared first on Unit 42. This article has…
Threat Assessment: North Korean Threat Groups
Explore Unit 42’s review of North Korean APT groups and their impact, detailing the top 10 malware and tools we’ve seen from these threat actors. The post Threat Assessment: North Korean Threat Groups appeared first on Unit 42. This article…
Chinese APT Abuses VSCode to Target Government in Asia
A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims’ environments for Southeast Asian espionage. The post Chinese APT Abuses VSCode to Target Government in Asia appeared first on Unit…
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. The post Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant appeared first on Unit 42. This article has been indexed from Unit 42 Read…
TLD Tracker: Exploring Newly Released Top-Level Domains
Unit 42 researchers use a novel graph-based pipeline to detect misuse of 19 new TLDs for phishing, chatbots and more in several case studies. The post TLD Tracker: Exploring Newly Released Top-Level Domains appeared first on Unit 42. This article…
The Emerging Dynamics of Deepfake Scam Campaigns on the Web
A technical analysis of deepfake technology uncovers how cybercriminals utilize AI-generated videos of public figures to execute sophisticated scams. The post The Emerging Dynamics of Deepfake Scam Campaigns on the Web appeared first on Unit 42. This article has been…
Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware as they shift from data theft to extortion, exploiting AWS credentials. The post Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware appeared first on…
Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic
Unit 42 researchers use deep learning to detect cyber threats by analyzing DNS traffic, employing autoencoders and machine learning algorithms. The post Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic appeared first on Unit 42. This article…