Secure the Enterprise
Secure the
Enterprise

Our Next-Generation Firewall is the industry's defining network security platform. Stay on the cutting edge with continuous integrated security innovations that instantly find and stop attacks. Eliminate disconnected point-products with our fully automated platform that simplifies security.
Next-Generation Firewall

Threat Prevention Services

Endpoint Protection

5G / IoT

For Your Industry

Products A-Z
Secure the Cloud
Secure the
Cloud

Cloud security services that effectively predict, prevent, detect, and automatically respond to security and compliance risks without creating friction for users, developers, and administrators.
Public Cloud

AWS

GCP

Azure

SaaS

Branch & Retail

Mobile Users

For Your Industry

Products A-Z
Secure the Future
Cortex is the industry's only open and integrated AI-based continuous security platform. It delivers radical simplicity and significantly improves security outcomes through automation and unprecedented accuracy.
Cortex

Cortex Data Lake

Cortex XDR

For Your Industry

Products A-Z
More
- More
- Get Support
- Services
- Partners
- Company

EMPOWERING CYBERSECURITY PROFESSIONALS

Expanding Targets for New SunOrcal Malware Variant

Unit 42 has recently been investigating a new malware family called Reaver. While we have identified it as being active since late 2016, Reaver has been used sparingly, with only a small number of unique samples identified. Its targets have been movements the Chinese government consider dangerous, also known as the “Five Poisons.” We found that the Reaver malware family has shared command-and-control (C2) infrastructure overlap SunOrcal malware, and that these have been used concurrently since late 2016.

While investigating Reaver we recently also discovered a new variant of the SunOrcal malware family. While the SunOrcal malware family has been confirmed to have been active since 2013, possibly even earlier, this new variant has been observed targeting regions outside of the typical target radius for this threat group, now expanding to include Vietnam and Myanmar.

How it Works
Emails were sent to targets containing malicious attachments. Targeting a Vietnamese speaking audience, one of the malicious documents mentions Donald Trump and the disputed South China Sea area. This is a classic lure technique – including something the target will find interesting or important causing them to open the file and download the malware on to the victims’ system.

How to Defend Against it
These malware attacks utilize email phishing, and relies on targets opening the malicious email attachment. Security awareness is critical to avoid falling victim to such an attack.

General email best practices:

Make sure the sender is a trusted source. If you’ve never received something from them before, or the email address has typos, don’t open it.
If the sender appears to be convincing, pay close attention to the body of the email. Are there a lot of typos? Does the branding/logo look different? Does it look unprofessional?
Never click on a link within the email or download an attachment.
Don’t respond to the email with any password or personal information.

If you are unsure of the legitimacy of the email, contact the sender directly over the phone or by typing a trusted URL directly in your browser or saved bookmark. Additionally, keeping your systems and devices updated with the most current operating system and web browser is a general security best practice, as well as enabling multi-factor authentication to prevent an attacker from abusing credentials should they successfully capture them.

More 2 Minute Threat Brief Articles:

EMPOWERING CYBERSECURITY PROFESSIONALS

Expanding Targets for New SunOrcal Malware Variant

Popular Resources

Legal Notices

Account

EMPOWERING CYBERSECURITY PROFESSIONALS

Expanding Targets for New SunOrcal Malware Variant

Want to be first to know?

Subscribe to Palo Alto Networks

Popular Resources

Legal Notices

Account