unit42

Three Chinese Hacker Groups Hit the Same Government. At the Same Time.

John Z Black Mar 31, 2026

Threat Intelligence #china #apt #mustang-panda #unit42 #espionage #southeast-asia #usb-worm #hiupan #nation-state

Iran Is Running Every Cyberattack at Once

John Z Black Mar 28, 2026

Threat Intelligence #iran #unit42 #apt #wiper #handala #stryker #nation-state #bearlyfy #geopolitics #cyber-warfare

Iran isn't running a cyber campaign right now. It's running all of them simultaneously, and Unit 42's latest brief documents exactly that.

Stryker Finds a Malicious File in Its Systems. Production Is Coming Back Online.

John Z Black Mar 25, 2026

Incidents & Breaches #stryker #handala #iran #healthcare #incident-response #unit42

Stryker's forensic investigation with Palo Alto Networks Unit 42 found a malicious file used to run commands and conceal activity, a separate finding from the initial Handala attack. Production recovery is underway.

AI Governance Is an Implementation Problem Now, Not a Policy Project

John Z Black Mar 19, 2026

AI Security #ai-governance #ai-agents #least-privilege #data-locality #enforcement #cloudflare #unit42

Unit 42 on agent risk, Cloudflare on data-locality controls, and the ICML enforcement controversy all point to the same thing: governance only counts when it's technically enforceable and organizationally defended.

China's Been Quietly Spying on Southeast Asian Militaries for Years

John Z Black Mar 13, 2026

Nation-State Threats #china #apt #espionage #southeast-asia #military #unit42 #nation-state

Unit 42 documented a suspected Chinese state-sponsored espionage campaign with years of undetected access to military networks across Southeast Asia. This is what patient intelligence collection looks like.