Accountability, DNS and Telecommunications

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. PASSIVE DNS.

DNS

DNS Internet Internet Government

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Telecommunications Advertising

Sea Turtle Hackers Spy on Dutch ISPs and Telecommunication Companies

Heimadal Security

JANUARY 10, 2024

Sea Turtle exploits known vulnerabilities and compromised accounts to gain initial access. DNS hijacking and traffic redirection that leads to man-in-the-middle attacks are among their cyber espionage techniques.

Telecommunications

Telecommunications DNS Media Internet

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

” Infoblox determined that until May 2023, domains ending in.info accounted for the bulk of new registrations tied to the malicious link shortening service, which Infoblox has dubbed “ Prolific Puma.” is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S.

Phishing

Phishing Telecommunications Malware Scams

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media

Media Accountability Telecommunications Government

Lyceum group reborn

SecureList

OCTOBER 18, 2021

As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia. We assume that it was used as a means to proxy traffic between two internal network clusters.

DNS

DNS Telecommunications Malware Accountability

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering. Blocking without accountability.

Internet

Internet Internet Telecommunications DNS

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. The malware uses DNS and HTTP-based communication mechanisms. Security experts at Dragos Inc.

DNS

DNS Passwords Penetration Testing Social Engineering

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

CyberSecurity Insiders

APRIL 12, 2023

The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics. The financial sector emerged as the primary target, accounting for 34% of attacks and witnessing a 68% YoY increase.

DDOS

DDOS Telecommunications Data breaches DNS

APT34 targets Jordan Government using new Saitama backdoor

Malwarebytes

MAY 10, 2022

The group is known to focus on the financial, governmental, energy, chemical, and telecommunication sectors. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol. If the performed DNS request fails, the next stage is SLEEP.

Government

Government DNS Telecommunications Accountability

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Security Affairs

JANUARY 13, 2023

GitHub removed the accounts after SentinelOne reported the abuse to the company. The C2 infrastructure used by the group was primarily hosted on the Bulgarian telecommunications company Neterra. Experts observed threat actors also using No-IP Dynamic DNS services. The current C2 server is zig35m48zur14nel40[.]myftp.org

DDOS

DDOS Telecommunications DNS Education

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking

Banking Telecommunications Marketing Internet

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078).

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. A total of five email addresses associated with the accused were identified, along with six nicknames, and his accounts on Skype, Facebook, Instagram, and Youtube.

Cybercrime

Cybercrime Phishing Banking Telecommunications

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

History of MSSPs As internet service providers (ISPs) and telecommunications companies (telecoms) began offering commercial access to the internet in the late 1990s, they began to also offer firewall appliances and associated managed services. assets (endpoints, servers, IoT, routers, etc.), Outsourcing U.S. companies may trust U.S.

Telecommunications

Telecommunications Firewall Penetration Testing Cybersecurity

Best Network Monitoring Tools for 2022

eSecurity Planet

JANUARY 26, 2022

Spun off from the telecommunications vendor JDS Uniphase in 2015, Viavi Solutions is a newer name, but it has four-plus decades of IT services experience. Administrators can use network monitoring tools to enhance visibility and deepen performance control, fault tolerance, and system or account activity. Catchpoint Features.

Marketing

Marketing DDOS Threat Detection DNS

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

The attacker can then define an admin account, setting the home directory to the root of C: drive. With user account credentials, attackers had a suite of email, documents, and data at their fingertips. Create a system of accountability by segregating roles for authorizing, approving, and monitoring code signatures. Encryption.

Software

Software Malware Authentication Penetration Testing

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. ” Dean Marks is executive director and legal counsel for a group called the Coalition for Online Accountability , which has been critical of the NTIA’s stewardship of.US. US phishing domains.US

Phishing

Phishing Telecommunications Government DNS

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

According to CRN news , SolarWinds stated that its customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide. Infected Domains Analysis.

DNS

DNS Education Malware Telecommunications

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. In October, telecommunications firm Telenor Norway was another to fall victim. Extortionists’ activity regularly made the news throughout 2020.

DDOS

DDOS Cryptocurrency Marketing Internet

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Krebs on Security

JUNE 20, 2024

However, passive domain name system (DNS) records from DomainTools show that between October 2023 and March 2024 radaris.com was hosted alongside all of the other Gary Norden domains at the Internet address range 38.111.228.x. A spreadsheet of those historical DNS entries for radaris.com is available here (.csv).

Marketing

Marketing Telecommunications DNS Data privacy

Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Trending Sources

DHS issues emergency Directive to prevent DNS hijacking attacks

Sea Turtle Hackers Spy on Dutch ISPs and Telecommunication Companies

US Harbors Prolific Malicious Link Shortening Service

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Lyceum group reborn

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Lyceum APT made the headlines with attacks in Middle East

Iran-linked APT34: Analyzing the webmask project

Massive Surge in DDoS Attacks Reported in First Quarter of 2023

APT34 targets Jordan Government using new Saitama backdoor

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Group-IB presents its annual report on global threats to stability in cyberspace

OilRig APT group: the evolution of attack techniques over time

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

What is a Managed Security Service Provider? MSSPs Explained

Best Network Monitoring Tools for 2022

Guarding Against Solorigate TTPs

Why is.US Being Used to Phish So Many of Us?

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

DDoS attacks in Q4 2020

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Stay Connected