Unit 42 Palo Alto Networks
- Automatically Detecting DNS Hijacking in Passive DNS by Moe Ghasemisharif, Janos Szurdi, Zhanhao Chen and Daiping Liu on November 4, 2024 at 11:00 pm
Explore how we detect DNS hijacking by analyzing millions of DNS records daily, using machine learning to identify redirect attempts to malicious servers. The post Automatically Detecting DNS Hijacking in Passive DNS appeared first on Unit 42.
- TA Phone Home: EDR Evasion Testing Reveals Extortion Actor’s Toolkit by Navin Thomas, Renzon Cruz and Cuong Dinh on November 1, 2024 at 10:00 pm
A threat actor tried to use an AV/EDR bypass tool during an extortion attempt. Instead, the tool's test runs gave Unit 42 insight into the actor's toolkit.
- Jumpy Pisces Engages in Play Ransomware by Unit 42 on October 30, 2024 at 10:00 am
A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.
- Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction by Jay Chen and Royce Lu on October 23, 2024 at 10:00 am
We examine “Deceptive Delight,” an LLM jailbreaking technique that mixes harmful topics with benign ones to trick models, with a high success rate.
- Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism by Adva Gabay and Maor Dokhanian on October 17, 2024 at 10:00 am
Explore how macOS Gatekeeper’s security could be compromised by third-party apps not enforcing quarantine attributes effectively.
- Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks by Michael J. Graven on October 16, 2024 at 10:30 am
The Unit 42 Threat Frontier report discusses GenAI’s impact on cybersecurity, emphasizing the need for AI-specific defenses and proactive security.
- Lynx Ransomware: A Rebranding of INC Ransomware by Pranay Kumar Chhaparwal, Micah Yates and Benjamin Chang on October 10, 2024 at 9:00 pm
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
- Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware by Unit 42 on October 9, 2024 at 10:00 am
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.
- No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection by Shu Wang, Ruian Duan, Chao Lei and Qi Deng on October 4, 2024 at 9:00 pm
Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more.
- Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning by Chris Navarrete, Qian Feng, Durgesh Sangvikar and Yanhui Jia on October 1, 2024 at 10:00 am
Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans, identified with a machine learning model.
- Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy by Daniel Frank and Lior Rochberger on September 26, 2024 at 10:00 am
We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogEXE (a keylogger) and FPSpy (a backdoor variant).
- Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz by Shehroze Farooqi, Howard Tong and Alex Starov on September 24, 2024 at 9:00 pm
Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more.
- Inside SnipBot: The Latest RomCom Malware Variant by Yaron Samuel and Dominik Reichel on September 23, 2024 at 9:00 pm
We deconstruct SnipBot, a variant of RomCom malware. Its authors, who target diverse sectors, seem to be aiming for espionage instead of financial gain.
- Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool by Dominik Reichel on September 19, 2024 at 10:00 am
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.
- Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors by Yoav Zemah on September 18, 2024 at 9:00 pm
We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.