[21] In 2018, the company began opening cybersecurity training facilities around the world as part of the Global Cyber Range Initiative.

They are a group of cybersecurity researchers and industry experts who use data collected by the company's security platform to discover new cyber threats, such as new forms of malware and malicious actors operating across the world.

The group was detected sending spear-phishing emails attached to infected Microsoft Word documents using an exploit commonly used by cybercriminals and cyber-espionage campaigns.

[57] In September 2018, Unit 42 discovered Xbash, a ransomware that also performs cryptomining, believed to be tied to the Chinese threat actor "Iron".

[58] In October, Unit 42 warned of a new crypto mining malware, XMRig, that comes bundled with infected Adobe Flash updates.

[59] In November 2018, Palo Alto Networks announced the discovery of "Cannon", a trojan being used to target United States and European government entities.