Prisma Cloud Security Research

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Unit 42 has tracked activity from threat actors associated with the Democratic People’s Republic of Korea (DPRK), where they pose as recruiters to install malware on tech industry job seekers’ devices. We call this activity the CL-STA-240 Contagious Interview campaign, and we first published about it in November 2023. Since that...

Malware

Threat Actor Groups

Threat Research

Advanced Persistent Threat

BeaverTail

CL-STA-240

Contagious Interview

DPRK

InvisibleFerret

North Korea

Oct 09, 2024

By Unit 42

Malware, Threat Actor Groups, APT43, DPRK, FPSpy, G0086, Keylogger, Kimsuky, KLogExe, MITRE

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, c...

Sep 26, 2024

By Daniel Frank, Lior Rochberger

Malware, Threat Actor Groups, AppleJeus, Citrine Sleet, Cryptocurrency, Gleaming Pisces, Linux, macOS, North Korea, PondRAT

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux an...

Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages...

Sep 18, 2024

By Yoav Zemah

Cybercrime, High Profile Threats, Ransomware, Threat Actor Groups, Threat Research, ALPHV, Ambitious Scorpius, Bashful Scorpius, BlackCat ransomware, Cicada3301

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomwar...

Repellent Scorpius is a new ransomware-as-a-service (RaaS) g...

Sep 10, 2024

By Navin Thomas, Jerome Tujague

Cybercrime, High Profile Threats, Malware, Nation-State Cyberattacks, Threat Actor Groups, Advanced Persistent Threat, Alluring Pisces, Andariel, Bluenoroff, Citrine Sleet

Threat Assessment: North Korean Threat Groups

Lazarus has been used in public reporting as an umbrella term for threat actors from the D...

Sep 09, 2024

By Unit 42

Malware, Threat Actor Groups, Advanced Persistent Threat, China, DLL Sideloading, Dropbox, Espionage, Government, Microsoft Visual Studio, Mimikatz

Chinese APT Abuses VSCode to Target Government in Asia

In the summer of 2018, Unit 42 released reporting regarding activity in the Middle East surrounding a cluster of activit...

Sep 06, 2024

By Tom Fakterman

Cloud Cybersecurity Research, Ransomware, Threat Actor Groups, AWS, AWS credential stealing, Bling Libra, Extortion, MITRE, S3, ShinyHunters

Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunter...

In an incident response engagement handled by Unit 42, the threat actor group Bling Libra...

Aug 23, 2024

By Margaret Zimmermann, Chandni Vaya

Cloud Cybersecurity Research, Threat Research, AWS, credential theft, data exfiltration, ENV files, environment variable files, Exploit Kits, exposed environment files, Extortion

Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud...

Unit 42 researchers found an extortion campaign's cloud oper...

Aug 15, 2024

By Margaret Zimmermann, Sean Johnstone, William Gamazo, Nathaniel Quist

Cloud Cybersecurity Research, Threat Research, artifacts, AWS, GitHub, open source, Red Hat, Ubuntu

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artif...

In part 1 of this 2-part blog series, we discussed why the Havex Trojan is a significant and concerning industry milesto...

Aug 13, 2024

By Yaron Avital

Malware, Nation-State Cyberattacks, Threat Actor Groups, Threat Research, Advanced Persistent Threat, APT28, Fancy Bear, Fighting Ursa, HeadLace, phishing

Fighting Ursa Luring Targets With Car for Sale

A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to di...

Aug 02, 2024

By Unit 42

Cloud Cybersecurity Research, Threat Research, cloud infrastructure, Container, container escape, container security, Docker, Kubernetes

Container Breakouts: Escape Techniques in Cloud Environments

This article reviews container escape techniques, assesses their possible impact and revea...

Jul 18, 2024

By Yosef Yaakov, Bar Ben-Michael

Cloud Cybersecurity Research, CVE-2024-6387, High Profile Threats, OpenSSH, RegreSSHion, Remote Code Execution, SSH, Vulnerabilities

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability

On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in O...

Jul 02, 2024

By Unit 42

Cybercrime, Nation-State Cyberattacks, Ransomware, Threat Actor Groups, Academic Serpens, Agent Serpens, Agonizing Serpens, Alloy Taurus, Ambitious Scorpius, Bashful Scorpius

Threat Actor Groups Tracked by Palo Alto Networks Unit 42

This article lists selected threat actors tracked by Palo Alto Networks Unit 42, using our...

Jun 27, 2024

By Unit 42

AWS, Azure, Cloud Cybersecurity Research, IaaS, Microsoft, Threat Research, Trend Reports, virtual machines

Attack Paths Into VMs in the Cloud

This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. Organizations can use this information to u...

Jun 18, 2024

By Jay Chen

AWS, Azure, Cloud Research, Data Security, Data Security Posture Management, GCP

Are Cloud Serverless Functions Exposing Your Data?

More than 25% of all publicly accessible serverless functions have access to sensitive data, as seen in internal research. The question then becomes, Are cloud serverless functions...

Jun 06, 2024

By Golan Myers

Cloud Research, KYC, LLM, Platform, Research, Threat Research

Understanding Three Real Threats of Generative AI

Generative AI is a technology that has caught the attention of both good and bad actors. At its heart, the term generative AI refers to types of artificial intelligence that can ge...

May 23, 2024

By Kyle Wilhoit

Advanced Persistent Threat, backdoor, China, Diplomatic Specter, Gh0st Rat, Malware, Nation-State Cyberattacks, SweetSpecter, TGR-STA-0043, Threat Actor Groups

Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Lev...

A Chinese advanced persistent threat (APT) group has been co...

May 23, 2024

By Lior Rochberger, Daniel Frank

Prisma Cloud Security Research

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux an...

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomwar...

Threat Assessment: North Korean Threat Groups

Chinese APT Abuses VSCode to Target Government in Asia

Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunter...

Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud...

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artif...

Fighting Ursa Luring Targets With Car for Sale

Container Breakouts: Escape Techniques in Cloud Environments

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability

Threat Actor Groups Tracked by Palo Alto Networks Unit 42

Attack Paths Into VMs in the Cloud

Are Cloud Serverless Functions Exposing Your Data?

Understanding Three Real Threats of Generative AI

Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Lev...

Get the latest news, invites to events, and threat alerts

Products and Services

Company

Popular Links