Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
Unit 42 stopped monitoring this threat and updating the brief on Sept. 18, 2025. Please refer to the Microsoft SharePoint customer guidance for the latest information.
Cortex Cloud Security Research
Cloud Cybersecurity Research, General, Insights, Cloud Infrastructure Protection, Cloud Security, Unit 42 Incident Response Report
Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 G...
Cloud incidents like ransomware attacks and account compromise can bring operations to a h...
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR M...
Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests....
Bookworm to Stately Taurus Using the Unit 42 Attribution Framework
Our research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities...
Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trus...
BadSuccessor is a critical attack vector that emerged following the release of Windows Server 2025. Under certain condit...
Cybercrime, Nation-State Cyberattacks, Ransomware, Threat Actor Groups, Academic Serpens, Agent Serpens, Agonizing Serpens, Alloy Taurus, Ambitious Scorpius, Bashful Scorpius
Threat Actor Groups Tracked by Palo Alto Networks Unit 42 (Updated Aug. 1, ...
This article lists selected threat actors tracked by Palo Al...
Cybercrime, Nation-State Cyberattacks, Ransomware, Threat Actor Groups, Threat Research, Advanced Persistent Threat, Bookworm, nomenclature, Stately Taurus
Introducing Unit 42’s Attribution Framework
Threat actor attribution has traditionally been considered more art than science, often re...
Business Email Compromise, Cybercrime, Malware, Threat Actor Groups, Trend Reports, Agent Serpens, Agentic AI, ClickFix, Credential Harvesting, Lumma Stealer
2025 Unit 42 Global Incident Response Report: Social Engineering Edition
We see social engineering evolving into one of the most reli...
Malware, Threat Actor Groups, Threat Research, Vulnerabilities, Advanced Persistent Threat, backdoor, CL-STA-0969, GALLIUM, GoLang, Liminal Panda
The Covert Operator's Playbook: Infiltration of Global Telecom Networks
Unit 42 has observed multiple incidents targeting the telecommunications industry in South...
High Profile Threats, Malware, Threat Actor Groups, 0ktapus, ALPHV, BlackCat ransomware, MITRE, Muddled Libra, phishing, Scatter Swine
Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful
Unit 42 has tracked and responded to several waves of intrusion operations conducted by th...
Cloud Cybersecurity Research, Threat Research, AWS, Azure, Cloud, Container, control plane, data plane, GCP, incident response
Cloud Logging for Security and Beyond
This article aims to simplify cloud logging best practices for each major cloud service provider (CSP) while considering security, regulatory and busi...
Malware, Threat Actor Groups, AWS, backdoor, C2, CL-STA-1020, DLL Sideloading, Dropbox, Google Drive, Microsoft
Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implem...
Since late 2024, Unit 42 researchers have been tracking a cluster of suspicious activity as CL-STA-1020, targeting gover...
GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Rev...
Unit 42 researchers continue to observe network security trends, tracking how cybercriminals take advantage of vulnerabi...
Cybercrime, Hacktivism, High Profile Threats, Malware, Threat Actor Groups, Threat Research, Agent Serpens, Agonizing Serpens, Boggy Serpens, Curious Serpens
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30)
The recent conflict involving Iran, particularly its militar...
Cloud Cybersecurity Research, Malware, Threat Research, endpoint, Linux Malware, Machine Learning, PowerShell, Remote Access Trojan, VBScript, Winnti
The Evolution of Linux Binaries in Targeted Cloud Operations
On January 31, a security researcher named Mohammad Faghani posted an analysis of malware...