Unit 42 Archives

The Hawaiian Airlines logo is displayed at a check-in area at Los Angeles International Airport (LAX) on December 4, 2023 in Los Angeles, California. (Photo by Mario Tama/Getty Images)

Scattered Spider strikes again? Aviation industry appears to be next target for criminal group

Hawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat.

Jun 27, 2025 By Greg Otto

Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe

A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope.

Jun 16, 2025 By Matt Kapko

CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

Jun 3, 2025 By Matt Kapko

The money earned by remote North Korean IT workers is funding the North Korean weapons programs. (Getty Images)

The North Korea worker problem is bigger than you think

The yearslong scheme goes much deeper than contract work, extending to roles beyond traditional IT and sometimes granting the insider threat “keys to the kingdom,” DTEX President…

Mar 31, 2025 By Matt Kapko

A picture of a toll booth in New Jersey. Scammers have been sending text messages about unpaid toll violations. (Getty Images)

Who is sending those scammy text messages about unpaid tolls?

The latest smishing scam follows a familiar process as ones the industry has seen over the past decade.

Mar 17, 2025 By Matt Kapko

Cybercriminals picked up the pace on attacks last year

Ransomware groups last year achieved lateral movement within an average of 48 minutes after gaining initial access to targeted environments, threat intelligence experts said.

Mar 5, 2025 By Matt Kapko

Threat actors are increasingly trying to grind business to a halt

Palo Alto Networks’ threat intelligence firm said nearly 9 in 10 cyberattacks it responded to last year involved disrupted business operations.

Feb 25, 2025 By Matt Kapko

ransomware, cybercrime, Unit 42 report — (Getty Images)

Bigger demands, bigger payouts are the trend in ransomware, report says

Palo Alto Networks' Unit 42 says that in the cases it worked, the average demand was up 144% and average payment was up 78%.

Mar 24, 2022 By Joe Warminsky

Ukraine front line — A Ukrainian serviceman walks in a snow-covered trench on the front line with Russia-backed separatists near Avdiivka in the Donetsk region on Feb. 3, 2022 (Photo by ANATOLII STEPANOV/AFP via Getty Images)

Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say

Amid questions about the most recent cyberattacks on Ukraine a known adversary has been observed launching its own attacks.

Feb 4, 2022

alleged Nigerian cybercriminals arrested — Two “SilverTerrier” suspects, center, appear in an unidentified location with law enforcement officers who participated in Operation Falcon II.(Interpol)

Interpol arrests 11 alleged members of Nigerian scam syndicate ‘SilverTerrier’

The operation — with help from Palo Alto Networks' Unit 42 as well as cybersecurity firm Group-IB — marks the second action against the group.

Jan 19, 2022