unSafe.sh - Not Safe
Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
Executive Summary: Many illicit network services, including phishing campaigns and o...
2025-3-5 11:0:44 | Views: 5
Unit 42 - unit42.paloaltonetworks.com
tds
malicious
redirection
phishing
network
Uncovering .NET Malware Obfuscated by Encryption and Virtualization
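This article analyzes obfuscation techniques used by malware families such as Agent Tesla, XWorm and FormBook/XLoader, including AES encryption, code virtualization, staged payload delivery and dynamic code loading, and explores how to extract malware configuration parameters through automated reverse analysis. Palo Alto Networks offers a range of security solutions to counter these threats. ...
2025-3-3 11:0:19 | Views: 3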
Unit 42 - unit42.paloaltonetworks.com
payload
stage
overlay
marker
ciphertext
JavaGhost’s Persistent Phishing Attacks From the Cloud
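JavaGhost is a cybercrime group that has been active for five years and initially focused on website defacement. Since 2022, the group has shifted to using cloud environments for phishing attacks, sending phishing emails by obtaining exposed AWS long-term access keys. Its activity involves creating fake IAM users and detection-evasion techniques, and it leaves traces in CloudTrail logs. ...
2025-2-28 11:0:56 | Views: 8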
Unit 42 - unit42.paloaltonetworks.com
javaghost
cloudtrail
workmail
python
phishing
Squidoor: Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations
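Since March 2023, a suspected Chinese threat actor has conducted malicious activity against the government, defense, telecommunications, education and aviation sectors in Southeast Asia and South America. The actor uses an advanced backdoor named Squidoor and multiple web shells to obtain sensitive information, and achieves covert control through several communication methods, including the Outlook API, DNS tunneling and ICMP tunneling. ...
2025-2-27 11:0:15 | Views: 12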
Unit 42 - unit42.paloaltonetworks.com
squidoor
windows
attackers
shells
c2
RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
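This article describes an attack campaign targeting macOS systems that involves malware named RustDoor and Koi Stealer. The attackers disguise the approach as a job interview to trick developers in the cryptocurrency industry into installing the malware. RustDoor is used to steal sensitive data and establish a reverse shell connection, while Koi Stealer focuses on stealing cryptocurrency wallets and other sensitive information. Both use concealment techniques to evade detection. The article also analyzes the technical details of the malware and notes its links to North Korean cyber activity. ...
2025-2-26 11:0:59 | Views: 11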
Unit 42 - unit42.paloaltonetworks.com
stealer
koi
rustdoor
library
cortex
Auto-Color: An Emerging and Evasive Linux Backdoor
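Palo Alto Networks discovered new Linux malware named Auto-color, which avoids detection through benign-looking file names, hidden C2 connections and custom encryption. Once installed, it allows remote access and is difficult to remove. The article provides indicators for detection and recommends using its security products for protection. ...
2025-2-24 23:0:52 | Views: 20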
Unit 42 - unit42.paloaltonetworks.com
library
payload
remote
malicious
machine
Investigating LLM Jailbreaking of Popular Generative AI Web Products
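This article studies jailbreak vulnerabilities in 17 popular generative AI web products and finds that all of them carry jailbreak risk to varying degrees. Single-turn attack strategies such as "storytelling" and "role-play" remain effective, while multi-turn strategies are more effective at eliciting safety violations. Although the success rates of model training data and PII leakage attacks are low, some applications remain susceptible to specific attacks. The research recommends measures such as multi-layered content filtering to improve security. ...
2025-2-21 11:0:51 | Views: 7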
Unit 42 - unit42.paloaltonetworks.com
jailbreak
llm
goals
leakage
asr
Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
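The article reports that Stately Taurus conducted cyberattacks against organizations in Southeast Asian countries and is linked to the Bookworm malware. The activity uses DLL sideloading to deliver the PubLoad malware and communicates with C2 servers through requests disguised as Windows update requests. Bookworm's modular design makes it highly flexible and allows it to be used in attack campaigns over a long period. ...
2025-2-20 11:0:23 | Views: 17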
Unit 42 - unit42.paloaltonetworks.com
bookworm
stately
taurus
shellcode
toneshell
Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit
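The article describes 9 vulnerabilities (CVE-2024-53870 through CVE-2024-53878) discovered in the cuobjdump and nvdisasm tools in the NVIDIA CUDA Toolkit, involving integer overflow and out-of-bounds read issues. These vulnerabilities could lead to limited denial of service or information disclosure. NVIDIA released an update fixing the issues in February 2025. Developers are advised to use the latest version to avoid risk. ...
2025-2-19 14:15:32 | Views: 45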
Unit 42 - unit42.paloaltonetworks.com
cubin
cuobjdump
cuda
nvdisasm
Stealers on the Rise: A Closer Look at a Growing macOS Threat
Executive Summary: We recently identified a growing number of attacks targeting macO...
2025-2-4 11:0:12 | Views: 10
Unit 42 - unit42.paloaltonetworks.com
stealer
poseidon
cthulhu
malicious
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
Executive Summary: Unit 42 researchers recently revealed two novel and effective jai...
2025-1-30 21:30:36 | Views: 15
Unit 42 - unit42.paloaltonetworks.com
deepseek
likert
judge
llms
jailbreak
CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia
Executive Summary: We identified a cluster of activity that we track as CL-STA-0048....
2025-1-29 23:0:17 | Views: 12
Unit 42 - unit42.paloaltonetworks.com
cortex
malicious
plugx
cobalt
c2
Threat Brief: CVE-2025-0282 and CVE-2025-0283
Executive Summary: On Jan. 8, 2025, Ivanti released a security advisory for two vuln...
2025-1-17 00:30:13 | Views: 124
Unit 42 - unit42.paloaltonetworks.com
ivanti
attackers
0282
appliance
memory
One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
Executive Summary: When launching and persisting attacks at scale, threat actors can...
2025-1-14 11:0:37 | Views: 10
Unit 42 - unit42.paloaltonetworks.com
phishing
malicious
postal
shop
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
Executive Summary: This article presents what we are calling the “Bad Likert Judge”...
2024-12-31 23:0:16 | Views: 12
Unit 42 - unit42.paloaltonetworks.com
llm
asr
judge
likert
jailbreak
Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript
Executive Summary: We developed an adversarial machine learning (ML) algorithm that...
2024-12-20 11:0:39 | Views: 10
Unit 42 - unit42.paloaltonetworks.com
malicious
llm
phishing
rewriting
llms
Effective Phishing Campaign Targeting European Companies and Institutions
Executive Summary: Unit 42 researchers recently investigated a phishing campaign tar...
2024-12-18 08:0:28 | Views: 31
Unit 42 - unit42.paloaltonetworks.com
phishing
hxxps
buzz
hsforms
eu1
LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory
Executive Summary: This article provides a practical guide to developing a detection...
2024-12-17 23:0:43 | Views: 13
Unit 42 - unit42.paloaltonetworks.com
cortex
attackers
windows
malicious
sharphound
Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration
Executive Summary: Unit 42 researchers have discovered new security vulnerabilities...
2024-12-16 23:0:37 | Views: 10
Unit 42 - unit42.paloaltonetworks.com
airflow
geneva
dag
pods
attackers
Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
Executive Summary: This article analyzes a new packer-as-a-service (PaaS) called Hea...
2024-12-13 23:0:21 | Views: 11
Unit 42 - unit42.paloaltonetworks.com
heartcrypt
payload
analysis
windows
0066