* [Blog](https://www.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/) * [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/) * A Few of Unit 42's Greate... # A Few of Unit 42's Greatest Contributions to Threat Intelligence Research [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fnetwork-threat-intelligence-research%2F) [](https://twitter.com/share?text=A+Few+of+Unit+42%E2%80%99s+Greatest+Contributions+to+Threat+Intelligence+Research&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fnetwork-threat-intelligence-research%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2019%2F12%2Fnetwork-threat-intelligence-research%2F&title=A+Few+of+Unit+42%E2%80%99s+Greatest+Contributions+to+Threat+Intelligence+Research&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2019/12/network-threat-intelligence-research/&ts=markdown) \[\](mailto:?subject=A Few of Unit 42’s Greatest Contributions to Threat Intelligence Research) Link copied By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?ts=markdown "Posts by Unit 42") Dec 23, 2019 3 minutes [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [Adversary Playbooks](https://www.paloaltonetworks.com/blog/tag/adversary-playbooks/?ts=markdown) [cyberthreats](https://www.paloaltonetworks.com/blog/tag/cyberthreats/?ts=markdown) [KeyRaider](https://www.paloaltonetworks.com/blog/tag/keyraider/?ts=markdown) [malware](https://www.paloaltonetworks.com/blog/tag/malware/?ts=markdown) [OilRig](https://www.paloaltonetworks.com/blog/tag/oilrig/?ts=markdown) [threat intelligence](https://www.paloaltonetworks.com/blog/tag/threat-intelligence/?ts=markdown) [zero-day](https://www.paloaltonetworks.com/blog/tag/zero-day/?ts=markdown) In 2015, Unit 42, the global threat intelligence division at Palo Alto Networks, discovered that more than 39 iOS apps were infected with xCodeGhost, the first compiler malware in OSX. By targeting the compilers used to create legitimate apps, xCodeGhost is able to use infected apps to collect information from devices and upload that data to command and control (C2) servers. After finding xCodeGhost in popular apps including WeChat and Didi, Unit 42 shared their samples, threat intelligence and research with Apple, Amazon and Baido to stop the attacks or mitigate the security threat. This is just one example of the work of [Unit 42](https://unit42.paloaltonetworks.com/), whose mission is to research and document the details of adversaries' playbooks and quickly share them with systems, people and organizations who can use them to prevent successful cyberattacks. In our rapidly evolving digital age, cybercriminals find new software vulnerabilities and attack vectors everyday. They're also often willing to freely share their tools and techniques with other criminals so information spreads rapidly. This presents a major challenge for cybersecurity experts, who are constantly trying to keep pace with the rapidly growing volume and sophistication of attacks, and makes work like that of Unit 42 especially vital. Believing that threat intelligence should be accessible to all, Unit 42 disseminates their findings freely and globally so defenders everywhere can gain visibility into threats to better defend their businesses against them. To highlight some of the most significant contributions Unit 42 has made to threat research, we've compiled them into the [Unit 42 Greatest Hits Interactive](https://start.paloaltonetworks.com/unit-42-greatest-hits.html). There, you can learn more about xCodeGhost and other threat intelligence research. From discoveries like [KeyRaider](https://unit42.paloaltonetworks.com/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/), a computer malware that stole login credentials from more than 225,000 Apple devices, to [OilRig](https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/), which became the first ever [adversary playbook](https://pan-unit42.github.io/playbook_viewer/?pb=oilrig), Unit 42 has had a profound impact on threat intelligence and research in the cybersecurity landscape. Download our [Unit 42 Greatest Hits Interactive](https://start.paloaltonetworks.com/unit-42-greatest-hits.html) to find: * Major cyberthreats and how they operate. * Tools and tactics Unit 42 uses to discover new threats. * Essential news and resources related to common cyberthreats. Experts in hunting and collecting unknown threats, the Unit 42 team has been internationally recognized for key research on threats and campaigns and is frequently sought out by enterprises and government agencies around the world. They were even recently recognized by Microsoft with multiple awards for contributions to vulnerability research, including [first place for the discovery of Zero Day vulnerabilities](https://www.paloaltonetworks.com/blog/2019/08/unit-42-named-top-zero-day-vulnerability-contributor-microsoft/?ts=markdown). To see an engaging digital exhibition of Unit 42's discoveries and how they're combating large-scale threats, check out the [Unit 42 Greatest Hits Interactive.](https://start.paloaltonetworks.com/unit-42-greatest-hits.html) *** ** * ** *** ## Related Blogs ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Battling macOS Malware with Cortex AI](https://www.paloaltonetworks.com/blog/security-operations/battling-macos-malware-with-cortex-ai/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Stop Zero-Day Malware With Zero Stress With PAN-OS 11.0 Nova](https://www.paloaltonetworks.com/blog/2022/11/stop-zero-day-malware-with-nova/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [#### Busted by XDR: Detecting Microsoft Exchange Post-Exploit Activity in February](https://www.paloaltonetworks.com/blog/security-operations/busted-by-xdr-detecting-microsoft-exchange-post-exploit-activity-in-february/) ### [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### COVID-19: The Cybercrime Gold Rush of 2020](https://www.paloaltonetworks.com/blog/2020/07/unit-42-cybercrime-gold-rush/) ### [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### 8 Tips for Surviving Black Hat and Other Hostile Networks](https://www.paloaltonetworks.com/blog/2019/08/tips-for-surviving-black-hat/) ### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown) [#### Protecting Endpoints From Day One](https://www.paloaltonetworks.com/blog/2019/01/protecting-endpoints-day-one/) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language