Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques. The post Attackers Exploiting Public Cobalt Strike Profiles appeared first on Unit 42. This article has been indexed from Unit 42…
Tag: Unit 42
Attack Paths Into VMs in the Cloud
Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths. The post Attack Paths Into VMs in the Cloud appeared first on Unit 42. This article has…
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
A Chinese APT group is targeting political entities across multiple continents. Named Operation Diplomatic Specter, this campaign uses rare techniques and a unique toolset. The post Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target…
Payload Trends in Malicious OneNote Samples
This article examines the distribution of malicious payloads embedded in Microsoft OneNote files by type, a first in our research to do so at such a scale. The post Payload Trends in Malicious OneNote Samples appeared first on Unit 42.…
Leveraging DNS Tunneling for Tracking and Scanning
We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited. The post Leveraging DNS Tunneling for Tracking and Scanning appeared first on Unit 42. This article…
Leveraging DNS Tunneling for Tracking and Scanning
We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited. The post Leveraging DNS Tunneling for Tracking and Scanning appeared first on Unit 42. This article…
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
We detail Operation MidnightEclipse, a campaign exploiting command injection vulnerability CVE-2024-3400, and include protections and mitigations. The post Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 appeared first on Unit 42. This article has been indexed from Unit 42…
Muddled Libra’s Evolution to the Cloud
Muddled Libra now actively targets CSP environments and SaaS applications. Using the MITRE ATT&CK framework, we outline observed TTPs from incident response. The post Muddled Libra’s Evolution to the Cloud appeared first on Unit 42. This article has been indexed…
It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise
We describe the characteristics of malware-initiated scanning attacks. These attacks differ from direct scanning and are increasing according to our data. The post It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise appeared first on Unit 42. This…
Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094)
An overview of CVE-2024-3094, a vulnerability in XZ Utils, and information about how to mitigate. The post Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) appeared first on Unit 42. This article has been…