* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate)
* Espionage

# Palo Alto Networks

## Espionage

[![Through the Cortex XDR Lens: Uncovering a New Activity Group Targeting Governments in the Middle East and Africa](https://www.paloaltonetworks.com/blog/wp-content/uploads/2023/06/Man-Working-2.jpg)](https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/)  
[Through the Cortex XDR Lens: Uncovering a New Activity Group Targeting Governments in the Middle East and Africa
\----------------------------------------------------------------------------------------------------------------](https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/)

This blog is about a new activity group that was observed targeting governments in the Middle East and Africa with some rare TTPs.  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
Jun 14, 2023  
By [Lior Rochberger](https://www.paloaltonetworks.com/blog/author/lior-rochberger/?ts=markdown "Posts by Lior Rochberger")

## Palo Alto Networks

*** ** * ** ***

[Announcements](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)

*** ** * ** ***

[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

*** ** * ** ***

[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

*** ** * ** ***

[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

*** ** * ** ***

[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

*** ** * ** ***

[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

*** ** * ** ***

[](https://www.paloaltonetworks.com/blog/2018/12/dear-joohn-sofacy-groups-global-campaign/)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Dear Joohn: The Sofacy Group's Global Campaign](https://www.paloaltonetworks.com/blog/2018/12/dear-joohn-sofacy-groups-global-campaign/)

As alluded to in our previous blog regarding the Cannon tool, the Sofacy group (AKA Fancy Bear, APT28, STRONTIUM, Pawn Storm, Sednit) has persistently attacked various government and private organizations aroun...  
Dec 12, 2018  
By [Bryan Lee](https://www.paloaltonetworks.com/blog/author/bryan-lee/?ts=markdown "Posts by Bryan Lee") and [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone")  
![Inception Attackers Target Europe with Year-old Office Vulnerability](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Inception Attackers Target Europe with Year-old Office Vulnerability](https://www.paloaltonetworks.com/blog/2018/11/unit42-inception-attackers-target-europe-year-old-office-vulnerability/)

Inception targets Europe with year old office vulnerability. Read the full report.  
Nov 05, 2018  
By [Tom Lancaster](https://www.paloaltonetworks.com/blog/author/tom-lancaster/?ts=markdown "Posts by Tom Lancaster")  
![VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://www.paloaltonetworks.com/blog/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/)

Unit 42 gives a walkthrough of the analysis of the VERMIN malware, details links between the activity observed, and IOCs for all activity discovered.  
Jan 29, 2018  
By [Tom Lancaster](https://www.paloaltonetworks.com/blog/author/tom-lancaster/?ts=markdown "Posts by Tom Lancaster") and [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes")  
[](https://www.paloaltonetworks.com/blog/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](https://www.paloaltonetworks.com/blog/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/)

In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Tro...  
Feb 03, 2016  
By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone") and [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn")  
[](https://www.paloaltonetworks.com/blog/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/)  
[Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists](https://www.paloaltonetworks.com/blog/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/)

Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code named "Scarlet Mimic." The attacks...  
Jan 24, 2016  
By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone") and [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn")  
[](https://www.paloaltonetworks.com/blog/2015/07/the-cybersecurity-canon-cybercrime-and-espionage-an-analysis-of-subversive-multi-vector-threats/)  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Cybersecurity Canon](https://www.paloaltonetworks.com/blog/category/canon/?ts=markdown)

## [The Cybersecurity Canon: Cybercrime and Espionage: An Analysis of Subversiv...](https://www.paloaltonetworks.com/blog/2015/07/the-cybersecurity-canon-cybercrime-and-espionage-an-analysis-of-subversive-multi-vector-threats/)

We modeled the Cybersecurity Canon after the Baseball or Rock \& Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on t...  
Jul 16, 2015  
By [Rick Howard](https://www.paloaltonetworks.com/blog/author/rick/?ts=markdown "Posts by Rick Howard")  
Load more blogs

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language