Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth. Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth.| Unit 42
Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery. Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery.| Unit 42
Unit 42 details the just-discovered connection between threat group Stately Taurus (aka Mustang Panda) and the malware Bookworm, found during analysis of the group's infrastructure. Unit 42 details the just-discovered connection between threat group Stately Taurus (aka Mustang Panda) and the malware Bookworm, found during analysis of the group's infrastructure.| Unit 42
Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.| Unit 42
In three campaigns over the past 20 months, Russian APT Fighting Ursa has targeted over 30 organizations of likely strategic intelligence value using CVE-2023-23397.| Unit 42
BlackCat ransomware gang has released a utility called Munchkin, allowing attackers to propagate their payload to remote machines. We analyze this new tool.| Unit 42