We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited. The post Leveraging DNS Tunneling for Tracking and Scanning appeared first on Unit 42. This article…
Tag: Unit 42
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
We detail Operation MidnightEclipse, a campaign exploiting command injection vulnerability CVE-2024-3400, and include protections and mitigations.
Muddled Libra’s Evolution to the Cloud
It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise
Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094)
An overview of CVE-2024-3094, a vulnerability in XZ Utils, and information about how to mitigate.
Exposing a New BOLA Vulnerability in Grafana
Unit 42 researchers discovered CVE-2024-1313, a broken object level authorization (BOLA) vulnerability in open-source data visualization platform Grafana.
ASEAN Entities in the Spotlight: Chinese APT Group Targeting
We analyze the actions of two separate Chinese APTs — including Stately Taurus — that targeted ASEAN-affiliated entities through different methods.
Large-Scale StrelaStealer Campaign in Early 2024
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript.
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
Iran-linked APT Curious Serpens is using a new backdoor, FalseFont, to target the aerospace and defense industries through fake job recruitment.
Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor
A surge in use of malware Smoke Loader by threat group UAC-0006 is highlighted in the first-ever joint research published by Unit 42 and SSSCIP Ukraine.