Unit 42 Palo Alto Networks
- Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 20) by Unit 42 on November 20, 2024 at 3:26 pm
We detail the limited activity observed around CVE-2024-0012, an authentication bypass vulnerability affecting specific versions of PAN-OS software, and include protections and mitigations.
- Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware by Unit 42 on November 20, 2024 at 11:00 am
Explore this assessment of the cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, its operations have increased, affecting critical sectors.
- FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications by Asher Davila and Chris Navarrete on November 19, 2024 at 11:00 am
We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples and indicators, and examines the malware’s configurations and network communications.
- Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack by Unit 42 on November 14, 2024 at 11:00 pm
North Korean IT worker cluster CL-STA-0237 carried out phishing attacks via video conferencing apps from Laos, exploiting U.S. IT firms and major tech identities.
- Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them by Evan Gordenker on November 13, 2024 at 11:00 am
We discuss North Korea’s use of IT workers to infiltrate companies, detailing detection strategies such as IT asset management and IP analysis to counter the threat.
- ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI by Ofir Balassiano and Ofir Shaty on November 12, 2024 at 11:00 am
New research reveals two vulnerabilities in Google’s Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models.
- Silent Skimmer Gets Loud (Again) by Veronika Senderovych, Chema Garcia and Zack Fink on November 7, 2024 at 11:00 am
We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing exploitation of Telerik UI vulnerabilities and malware such as the RingQ loader.
- Automatically Detecting DNS Hijacking in Passive DNS by Moe Ghasemisharif, Janos Szurdi, Zhanhao Chen and Daiping Liu on November 4, 2024 at 11:00 pm
Explore how we detect DNS hijacking by analyzing millions of DNS records daily, using machine learning to identify redirect attempts to malicious servers.
- TA Phone Home: EDR Evasion Testing Reveals Extortion Actor’s Toolkit by Navin Thomas, Renzon Cruz and Cuong Dinh on November 1, 2024 at 10:00 pm
A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor.
- Jumpy Pisces Engages in Play Ransomware by Unit 42 on October 30, 2024 at 10:00 am
A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.
- Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction by Jay Chen and Royce Lu on October 23, 2024 at 10:00 am
We examine an LLM jailbreaking technique called “Deceptive Delight,” which mixes harmful topics with benign ones to trick AI models, achieving a high success rate.
- Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism by Adva Gabay and Maor Dokhanian on October 17, 2024 at 10:00 am
Explore how macOS Gatekeeper’s protection can be bypassed when third-party apps do not properly enforce the quarantine attribute on the files they handle.
- Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks by Michael J. Graven on October 16, 2024 at 10:30 am
The Unit 42 Threat Frontier report discusses GenAI’s impact on cybersecurity, emphasizing the need for AI-specific defenses and proactive security.
- Lynx Ransomware: A Rebranding of INC Ransomware by Pranay Kumar Chhaparwal, Micah Yates and Benjamin Chang on October 10, 2024 at 9:00 pm
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple critical sectors in the U.S. and UK with prevalent double-extortion tactics.
- Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware by Unit 42 on October 9, 2024 at 10:00 am
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.