❌

Reading view

Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization

The evolution of Iranian cyber operations in broad context: from custom wiper malware to misuse of legitimate admin tools and more.

The post Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization appeared first on Unit 42.

  •  

An Investigation Into Years of Undetected Operations Targeting High-Value Sectors

In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft.

The post An Investigation Into Years of Undetected Operations Targeting High-Value Sectors appeared first on Unit 42.

  •  

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

Uncover real-world indirect prompt injection attacks and learn how adversaries weaponize hidden web content to exploit LLMs for high-impact fraud.

The post Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild appeared first on Unit 42.

  •  

Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.

The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17) appeared first on Unit 42.

  •  
  •  

A Peek Into Muddled Libra’s Operational Playbook

Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks.

The post A Peek Into Muddled Libra’s Operational Playbook appeared first on Unit 42.

  •  
❌