Prisma Cloud Security Research

LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory

Unit 42 researchers have discovered new security vulnerabilities in the Azure Data Factory Apache Airflow integration. Attackers can exploit these flaws by gaining unauthorized write permissions to a directed acyclic graph (DAG) file or using a compromised service principal.

Cybercrime

Malware

Threat Actor Groups

Threat Research

Active Directory

AdFind

ALPHV

Ambitious Scorpius

Blackcat

BloodHound

Dec 17, 2024

By Stav Setty, Shachar Roitman, Tom Fakterman

Cloud Cybersecurity Research, Threat Research, Apache Airflow, Containers, Kubernetes, Microsoft Azure, Microsoft Azure Data Factory

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integ...

Unit 42 spent six months researching the China-based cybercrime group Rocke, which is the...

Dec 16, 2024

By Ofir Balassiano, David Orlovsky

Cybercrime, High Profile Threats, Ransomware, Threat Actor Groups, BlackSuit ransomware, construction, Education, Extortion, Ignoble Scorpius, leaksite

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware

Unit 42 researchers have observed an increase in BlackSuit r...

Nov 20, 2024

By Unit 42

Business Email Compromise, Threat Actor Groups, Threat Research, BeaverTail, CL-STA-0237, Contagious Interview, DPRK, Fake IT Worker, InvisibleFerret, Lazarus

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phish...

Unit 42 researchers identified a North Korean IT worker acti...

Nov 14, 2024

By Unit 42

Cloud Cybersecurity Research, Threat Research, data exfiltration, Google Cloud, Kubernetes, LLM, poisoned model, privilege escalation, Vertex AI

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

In the race to gain a competitive edge, organizations are increasingly training artificial...

Nov 12, 2024

By Ofir Balassiano, Ofir Shaty

Cybercrime, Threat Actor Groups, Threat Research, C++, CL-CRI-0941, CVE-2017-11317, CVE-2019-18935, GodPotato, Python, Remote Code Execution

Silent Skimmer Gets Loud (Again)

This article introduces a simple and straightforward technique for jailbreaking that we call Deceptive Delight. Deceptive Delight is a multi-turn tech...

Nov 07, 2024

By Veronika Senderovych, Chema Garcia, Zack Fink

Nation-State Cyberattacks, Ransomware, Threat Actor Groups, Threat Research, Cobalt Strike, DPRK, DTrack, Fiddling Scorpius, Infostealer, Jumpy Pisces

Jumpy Pisces Engages in Play Ransomware

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance Gene...

Oct 30, 2024

By Unit 42

Malware, Threat Actor Groups, Threat Research, Advanced Persistent Threat, BeaverTail, CL-STA-240, Contagious Interview, DPRK, InvisibleFerret, North Korea

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to ...

Unit 42 has tracked activity from threat actors associated w...

Oct 09, 2024

By Unit 42

Malware, Threat Actor Groups, APT43, DPRK, FPSpy, G0086, Keylogger, Kimsuky, KLogExe, MITRE

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, c...

Sep 26, 2024

By Daniel Frank, Lior Rochberger