Unit 42
Magic Hound Campaign Attacks Saudi Targets
Unit 42 discovers a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which they have named Magic Hound.
Get to know
Sort By:
Unit 42
Let It Ride: The Sofacy Group’s DealersChoice Attacks Continue
Recently, Palo Alto Networks Unit 42 reported on a new exploitation platform that we called “DealersChoice” in use by the Sofacy group (AKA APT28, Fancy Bear, STRONTIUM, Pawn Storm, Sednit). As outlined …
Unit 42
‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform
Unit 42 has reported on various Sofacy group attacks over the last year, most recently with a post on Komplex, an OS X variant of a tool commonly used by the Sofacy …
Threat Prevention, Unit 42
Fresh Baked HOMEKit-made Cookles – With a DarkHotel Overlap
Threat actors tend to reuse certain tools, a trend we observed during recent Unit 42 research published on MNKit. In this post, we will discuss a fresh toolkit, which on the surface, …
Unit 42
New Sofacy Attacks Against US Government Agency
The Sofacy group, also known as APT28, is a well-known threat group that frequently conducts cyber espionage campaigns. Recently, Unit 42 identified a spear phishing e-mail from the Sofacy group that targeted …
Sort By:
Cybersecurity, Malware
Grid Security Is Top of Mind in 2016 – NERC CIP and the Ukrainian Grid Atta...
The discussions around electric grid cybersecurity in 2016 have already started off with a lot of buzz with two important industry developments in play. The first is around the NERC CIP regulation. …
Malware, Threat Prevention, Unit 42
New Attacks Linked to C0d0so0 Group
While recently researching unknown malware and attack campaigns using the AutoFocus threat intelligence platform, Unit 42 discovered new activity that appears related to an adversary group previously called “C0d0so0” or “Codoso”. This …
Threat Prevention, Unit 42
Fresh Baked HOMEKit-made Cookles – With a DarkHotel Overlap
Threat actors tend to reuse certain tools, a trend we observed during recent Unit 42 research published on MNKit. In this post, we will discuss a fresh toolkit, which on the surface, …
Unit 42
New Sofacy Attacks Against US Government Agency
The Sofacy group, also known as APT28, is a well-known threat group that frequently conducts cyber espionage campaigns. Recently, Unit 42 identified a spear phishing e-mail from the Sofacy group that targeted …
Financial Services, Malware, Threat Prevention, Unit 42
The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helmint...
In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts identified within the malware samples related to these attacks also suggest the …