Palo Alto Networks Unit 42

Beware of #scams on #BlackFriday: Known threat actors are increasing email phishing, often linking to fraudulent luxury shopping sites. In addition, new domains are increasingly registered and used for #phishing and other scams. Stay alert! Details at https://bit.ly/3XW6nrm

As they ramp up for the biggest shopping weeks of the calendar year, organizations should be aware of the “unwavering chaos” presented by cybercrime groups. This Insights blog discusses the latest movements of cybercrime alliance Scattered LAPSUS$ Hunters: New data theft allegations, #ShinySp1d3r ransomware and insider recruitment: https://bit.ly/48svU0y

The dual-use dilemma, traditionally associated with technologies such as nuclear physics, now extends to artificial intelligence. Our latest research looks at how malicious LLMs are democratizing skill and commercializing cyberattacks. This dual-use AI hastens the need for ethical guardrails and accountability. https://bit.ly/480laYa

We're tracking ongoing sample testing of a malicious Chrome extension on VirusTotal, likely to evade detection before deployment. These samples impersonate a legitimate extension and use highly obfuscated JavaScript for C2 communication. Details at https://bit.ly/48nlVJT

Shai-Hulud 2.0: A new npm-focused campaign is significantly wider in scope than its previous iteration, affecting tens of thousands of GitHub repositories. Read our updated report: https://bit.ly/4pHJOng

We are tracking indicators for a new #ransomware named "ShinySp1d3r" likely associated with the cybercrime group #BlingLibra (#ShinyHunters). Discovered samples are for Windows, but a Linux version will apparently be released at a later point. Details at https://bit.ly/4a6xMye

📢 The November Unit 42 Threat Bulletin is now live! This month, our experts cover significant trends related to the holiday season and more: 🔗 Supply Chain Risks: Recent research demonstrates how a collective ecosystem becomes an attack vector. Is your organization prepared for shared code, shared risk? 🕵️ Scattered LAPSUS$: Their silence isn't safety. Retail CISOs, stay alert this holiday season – cybercrime remains unpredictable. 💳 Jingle Thief Attacks: Attackers are turning identity into profit, exploiting weak identity governance to steal gift cards. Read the full Threat Bulletin for critical insights and actionable strategies to defend against today's top threats. Share your thoughts below!

⏱️ AI-enabled attacks hit faster. Is your SOC ready? With AI speeding up attacks by 100x and SOCs already struggling to keep up, traditional defense strategies are no longer enough. Unit 42 AI Threat Readiness is a hands-on service that prepares your SOC for the next generation of threats, delivering measurable gains to shrink your MTTD and MTTR. It's time to modernize your defenses. https://bit.ly/4o4RGgi

From car shopping to a compromised environment: Read how an attack by Howling Scorpius stresses potential gaps between security investment and effectiveness. In this incident affecting a data storage company, a 42-day dwell time before Akira ransomware deployment allowed bad actors to position for maximum impact. https://bit.ly/48iXONr