Phantom Squatting: Attackers Weaponize AI-Invented URLs
Unit 42 finds attackers registering domains that LLMs hallucinate, then hosting phishing kits to intercept AI-directed traffic. Montana Empire kit caught 23 days after prediction.
8 articles tagged with "Unit 42"
Unit 42 finds attackers registering domains that LLMs hallucinate, then hosting phishing kits to intercept AI-directed traffic. Montana Empire kit caught 23 days after prediction.
Unit 42 uncovers ClickFix campaign using hdiutil -nobrowse to silently mount disk images on macOS. Victims never see the DMG—just Atomic Stealer harvesting credentials.
Unit 42 uncovers FlutterShell backdoor campaign targeting macOS users through Google-verified shell companies. Malware evades detection via WebView architecture and Apple notarization.
Pharma supplier West Pharmaceutical Services discloses ransomware attack in SEC filing. Attackers exfiltrated data before encrypting systems. Unit 42 investigating.
Unit 42 exposes how excessive default permissions in Google Cloud's Vertex AI let attackers weaponize AI agents to steal data from customer environments.
Unit 42 details how Iran's Electronic Operations Room coordinated RipperSec and 60+ hacktivist groups claiming 150+ incidents in 72 hours during Operation Epic Fury.
Attackers exploiting CVE-2026-1731 deploy cross-platform backdoors across finance, healthcare, and tech. Over 10,600 instances remain exposed.
Asia-based APT TGR-STA-1030 compromised 70+ government and critical infrastructure targets across 37 countries using eBPF rootkits and Cobalt Strike.