Search cyberveille.decio.ch

Found 42 bookmarks

Custom sorting

Muddled Libra’s Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs. The threat actors have begun attempting to leverage some of this data to assist with their attack progression, and to use for extortion when trying to monetize their work.

#unit42 #EN #2024 #paloaltonetworks #MuddledLibra #research #CSP #software-as-a-service

·unit42.paloaltonetworks.com·Apr 9, 2024

Muddled Libra’s Evolution to the Cloud

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.

#unit42 #2024 #EN #Retrospective #Analysis #ransomware #Data-Leak-Site

·unit42.paloaltonetworks.com·Feb 6, 2024

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.

#unit42 #EN #2023 #TTP #technique #stockpiled #DNS #Malicious #Early-Detection

·unit42.paloaltonetworks.com·Dec 19, 2023

Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.

#unit42 #EN #2023 #North-Korea #Job-Related #Campaigns #threat-actor #job-seeking #malware #espionage

·unit42.paloaltonetworks.com·Nov 22, 2023

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.

#unit42 #EN #2023 #PoC #fake #CVE-2023-40477 #VenomRAT #malicious

·unit42.paloaltonetworks.com·Sep 19, 2023

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users

Detecting Popular Cobalt Strike Malleable C2 Profile Techniques

We examine malicious Cobalt Strike case studies with distinct techniques using Malleable C2 profiles.

#unit42 #EN #2023 #CobaltStrike #Malleable #C2 #Profile #Techniques

·unit42.paloaltonetworks.com·Jul 3, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.

#unit42 #EN #2023 #Mirai #analysis #IoT

·unit42.paloaltonetworks.com·Jun 22, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Threat Actors Rapidly Adopt Web3 IPFS Technology

Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.

#unit42 #EN #2023 #paloalto #IPFS #malicious #use #Web3

·unit42.paloaltonetworks.com·Apr 19, 2023

Threat Actors Rapidly Adopt Web3 IPFS Technology

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.

#unit42 #EN #2023 #report #analysis #ViceSociety #PowerShell

·unit42.paloaltonetworks.com·Apr 14, 2023

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.

#unit42 #EN #2023 #Golang #paloaltonetworks #Botnet #GoBruteforcer #web #servers

·unit42.paloaltonetworks.com·Mar 13, 2023

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

Chinese PlugX Malware Hidden in Your USB Devices?

PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.

#unit42 #EN #2023 #PlugX #analysis

·unit42.paloaltonetworks.com·Jan 29, 2023

Chinese PlugX Malware Hidden in Your USB Devices?

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

#unit42 #EN #2023 #CVE-2021-35394 #IoT #devices #supplychain #attacks #Realtek

·unit42.paloaltonetworks.com·Jan 24, 2023

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

Meddler-in-the-Middle Phishing Attacks Explained MitM

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

#unit42 #EN #2022 #MitM #phishing #Meddler-in-the-Middle #explanation #analysis

·unit42.paloaltonetworks.com·Dec 22, 2022

Meddler-in-the-Middle Phishing Attacks Explained MitM

Vice Society: Profiling a Persistent Threat to the Education Sector

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

#unit42 #EN #2022 #paloaltonetworks #vice-society #education #ransomware #schools

·unit42.paloaltonetworks.com·Dec 6, 2022

Vice Society: Profiling a Persistent Threat to the Education Sector

Blowing Cobalt Strike Out of the Water With Memory Analysis

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

#unit42 #EN #2022 #CobaltStrike #analysis #paloaltonetworks

·unit42.paloaltonetworks.com·Dec 6, 2022

Blowing Cobalt Strike Out of the Water With Memory Analysis

Banking Trojan Techniques: Financially Motivated Malware

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

#unit42 #EN #2022 #paloaltonetworks #research #Banking #Trojan #Techniques

·unit42.paloaltonetworks.com·Nov 1, 2022

Banking Trojan Techniques: Financially Motivated Malware

Ransom Cartel Ransomware: A Possible Connection With REvil

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

#unit42 #paloaltonetworks #EN #2022 #Ransom-Cartel #REvil #RaaS

·unit42.paloaltonetworks.com·Oct 18, 2022

Ransom Cartel Ransomware: A Possible Connection With REvil

Credential Gathering From Third-Party Software

Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior.

#unit42 #EN #2022 #passwords #Analysis #credential #gathering #techniques

·unit42.paloaltonetworks.com·Sep 19, 2022

Credential Gathering From Third-Party Software

Mirai Variant MooBot Targeting D-Link Devices

Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.

#unit42 #paloaltonetworks #EN #2022 #Mirai #Variant #MooBot #Targeting #D-Link #CVE-2015-2051 #CVE-2018-6530 #CVE-2022-26258 #CVE-2022-28958 #analysis

·unit42.paloaltonetworks.com·Sep 7, 2022

Mirai Variant MooBot Targeting D-Link Devices

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

#unit42 #paloaltonetworks #EN #2022 #phishing #attack #SaaS #abuse #website-builders

·unit42.paloaltonetworks.com·Aug 24, 2022

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

ChromeLoader: New Stubborn Malware Campaign

In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands of users and organizations.

#unit42 #EN #2022 #ChromeLoader #malware #browser #hijacker #adware #extension

·unit42.paloaltonetworks.com·Jul 17, 2022

ChromeLoader: New Stubborn Malware Campaign

When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors

Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.

#unit42 #EN #2022 #BruteRatelC4 #CobaltStrike #redteam #APT #BRc4 #C2 #malware

·unit42.paloaltonetworks.com·Jul 7, 2022

When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors

There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families

Learn about the unique implementations of API Hammering malware samples and how to mitigate them.

#unit42 #API #Hammering #EN #2022 #malware #API-Hammering #Zloader #BazarLoader

·unit42.paloaltonetworks.com·Jun 26, 2022

There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.

#unit42 #EN #2023 #Golang #paloaltonetworks #Botnet #GoBruteforcer #web #servers

·unit42.paloaltonetworks.com·Mar 13, 2023

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

Chinese PlugX Malware Hidden in Your USB Devices?

PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.

#unit42 #EN #2023 #PlugX #analysis

·unit42.paloaltonetworks.com·Jan 29, 2023

Chinese PlugX Malware Hidden in Your USB Devices?

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

#unit42 #EN #2023 #CVE-2021-35394 #IoT #devices #supplychain #attacks #Realtek

·unit42.paloaltonetworks.com·Jan 24, 2023