CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia Executive SummaryWe identified a cluster of activity that we track as CL-STA-0048.... 2025-1-29 23:0:17 | 阅读: 4 | 收藏 | Unit 42 - unit42.paloaltonetworks.com cortex malicious plugx cobalt c2

Threat Brief: CVE-2025-0282 and CVE-2025-0283 Executive SummaryOn Jan. 8, 2025, Ivanti released a security advisory for two vuln... 2025-1-17 00:30:13 | 阅读: 42 | 收藏 | Unit 42 - unit42.paloaltonetworks.com ivanti attackers 0282 appliance memory

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks Executive SummaryWhen launching and persisting attacks at scale, threat actors can... 2025-1-14 11:0:37 | 阅读: 4 | 收藏 | Unit 42 - unit42.paloaltonetworks.com phishing malicious postal shop

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability Executive SummaryThis article presents what we are calling the “Bad Likert Judge”... 2024-12-31 23:0:16 | 阅读: 7 | 收藏 | Unit 42 - unit42.paloaltonetworks.com llm asr judge likert jailbreak

Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Executive SummaryWe developed an adversarial machine learning (ML) algorithm that... 2024-12-20 11:0:39 | 阅读: 6 | 收藏 | Unit 42 - unit42.paloaltonetworks.com malicious llm phishing rewriting llms

Effective Phishing Campaign Targeting European Companies and Institutions Executive SummaryUnit 42 researchers recently investigated a phishing campaign tar... 2024-12-18 08:0:28 | 阅读: 26 | 收藏 | Unit 42 - unit42.paloaltonetworks.com phishing hxxps buzz hsforms eu1

LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory Executive SummaryThis article provides a practical guide to developing a detection... 2024-12-17 23:0:43 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com cortex attackers windows malicious sharphound

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration Executive SummaryUnit 42 researchers have discovered new security vulnerabilities... 2024-12-16 23:0:37 | 阅读: 4 | 收藏 | Unit 42 - unit42.paloaltonetworks.com airflow geneva dag pods attackers

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation Executive SummaryThis article analyzes a new packer-as-a-service (PaaS) called Hea... 2024-12-13 23:0:21 | 阅读: 6 | 收藏 | Unit 42 - unit42.paloaltonetworks.com heartcrypt payload analysis windows 0066

Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams Executive SummaryThreat actors frequently exploit trending events like global spor... 2024-12-7 07:0:40 | 阅读: 4 | 收藏 | Unit 42 - unit42.paloaltonetworks.com olympic olympics malicious nrds paris

Threat Assessment: Howling Scorpius (Akira Ransomware) Executive SummaryEmerging in early 2023, the Howl... 2024-12-3 07:0:10 | 阅读: 5 | 收藏 | Unit 42 - unit42.paloaltonetworks.com akira ransomware scorpius howling taskkill

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples Executive SummaryIn this article, we explore various lateral movement techniques f... 2024-11-22 19:0:26 | 阅读: 6 | 收藏 | Unit 42 - unit42.paloaltonetworks.com remote ssh machine ard attackers

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware Executive SummaryUnit 42 researchers have observed an increase in BlackSuit ransom... 2024-11-20 19:0:53 | 阅读: 2 | 收藏 | Unit 42 - unit42.paloaltonetworks.com ransomware blacksuit ignoble scorpius windows

FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications Executive SummaryIn July 2024, the operational technology (OT)-centric malware Fro... 2024-11-19 19:0:15 | 阅读: 8 | 收藏 | Unit 42 - unit42.paloaltonetworks.com frostygoop modbus windows enco analysis

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 Executive SummaryPalo Alto Networks and Unit 42 are engaged in tracking a limited... 2024-11-18 22:42:18 | 阅读: 13 | 收藏 | Unit 42 - unit42.paloaltonetworks.com alto palo pan 0012 security

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack Executive SummaryUnit 42 researchers identified a North Korean IT worker activity... 2024-11-15 07:0:12 | 阅读: 30 | 收藏 | Unit 42 - unit42.paloaltonetworks.com north sta 0237 korean cloud

Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them Executive SummaryWorkers with allegiances to the... 2024-11-13 19:0:36 | 阅读: 6 | 收藏 | Unit 42 - unit42.paloaltonetworks.com dprk remote subcategory security lowercase

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI Executive SummaryIn the race to gain a competitive edge, organizations are increas... 2024-11-12 19:0:11 | 阅读: 9 | 收藏 | Unit 42 - unit42.paloaltonetworks.com gcp vertex malicious llm tuning

Silent Skimmer Gets Loud (Again) Executive SummaryIn late May 2024, Unit 42 researchers observed an adversary compr... 2024-11-7 19:0:13 | 阅读: 10 | 收藏 | Unit 42 - unit42.paloaltonetworks.com reverse c2 loader ringq powershell

Automatically Detecting DNS Hijacking in Passive DNS Executive SummaryIn this article, we explain our process of detecting domain name... 2024-11-5 07:0:48 | 阅读: 19 | 收藏 | Unit 42 - unit42.paloaltonetworks.com hijacking uts hu hijacked pdns