Security Affairs

SEPTEMBER 23, 2024

Earth Baxia primarily targeted government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand. The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram.

DNS 141

DNS Government Phishing Telecommunications 141

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. Additionally, it can interact with other devices on the LAN and transfer data or deploy new agents.

Malware 132

Malware DNS Authentication Telecommunications 132

CyberSecurity Insiders

OCTOBER 22, 2021

CrowdStrike security researchers have discovered that a hacking group dubbed LightBasin aka UNC1945 has been hiding in the networks of renowned telecom networks from the past 5 years, monitoring all their business operations and sending censorious data to remote servers.

Cyber Attacks 139

Cyber Attacks Telecommunications DNS Government 139

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. SecurityAffairs – hacking, Log4Shell).

Malware 104

Malware Telecommunications DNS Hacking 104

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022. ” concludes the report.

Cybercrime 120

Cybercrime Telecommunications DNS Technology 120

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media 141

Media Accountability Telecommunications Government 141

Security Affairs

FEBRUARY 24, 2019

“The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

Internet 111

Internet Internet DNS Telecommunications 111

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. SecurityAffairs – GALLIUM, hacking). Pierluigi Paganini.

Telecommunications 97

Telecommunications DNS Malware Advertising 97

Security Affairs

NOVEMBER 11, 2022

The APT hacking group is believed to have been behind numerous attacks this year, including an attack on Ukrainian energy infrastructure and the deployment of a persistent botnet called “ Cyclops Blink ” dismantled by the US government in April. SecurityAffairs – hacking, Prestige ransomware). Pierluigi Paganini.

Ransomware 98

Ransomware Telecommunications DNS Hacking 98

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering. SecurityAffairs – hacking, Myanmar).

Internet 113

Internet Internet Telecommunications DNS 113

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS 106

DNS Passwords Advertising Banking 106

Security Affairs

JANUARY 13, 2023

The C2 infrastructure used by the group was primarily hosted on the Bulgarian telecommunications company Neterra. Experts observed threat actors also using No-IP Dynamic DNS services. SecurityAffairs – hacking, NoName057(16) ). GitHub removed the accounts after SentinelOne reported the abuse to the company. Pierluigi Paganini.

DDOS 98

DDOS Telecommunications DNS Education 98

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 108

DNS Computers and Electronics Penetration Testing Government 108

Security Boulevard

JANUARY 12, 2022

MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, oil, defense, and finance sectors in the Middle East, Europe, and North America. By utilizing the Google Update service, goopdate.dll conceals communications with C2 servers.

Telecommunications 115

Telecommunications DNS Malware Government 115

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. The malware uses DNS and HTTP-based communication mechanisms. Experts pointed out that Lyceum does not use sophisticated hacking techniques. SecurityAffairs – Lyceum, hacking). Security experts at Dragos Inc.

DNS 107

DNS Passwords Penetration Testing Social Engineering 107

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 111

DNS Computers and Electronics Penetration Testing Government 111

Security Affairs

NOVEMBER 29, 2019

One of the trends related to the active confrontation between attackers has been hacking back, i.e. when attackers become the victims of hacking. The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Pierluigi Paganini.

Banking 125

Banking Telecommunications Marketing Internet 125

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. SecurityAffairs – hacking, Operation Lyrebird). ” said Dmitry Volkov Group-IB CTO and Head of Threat Hunting Intelligence. Original post at [link]. Pierluigi Paganini.

Cybercrime 104

Cybercrime Phishing Banking Telecommunications 104

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group).

Computers and Electronics 104

Computers and Electronics Penetration Testing DNS Phishing 104

CyberSecurity Insiders

MARCH 5, 2021

According to CRN news , SolarWinds stated that its customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide. Infected Domains Analysis.

DNS 138

DNS Education Malware Telecommunications 138

Krebs on Security

APRIL 2, 2019

31, 2019, Rezvesz said his company recently was the subject of an international search warrant executed jointly by the Royal Canadian Mounted Police (RCMP) and the Canadian Radio-television and Telecommunications Commission (CRTC). “In In an “official press release” posted to pastebin.com on Mar.

Advertising 230

Advertising Malware Marketing Software 230

ForAllSecure

OCTOBER 9, 2019

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. One of the unique things about how they did this is they judged it in a full spectrum hacking contest. If you look at like the Tesla hack, it was interesting. but they never actually checked that.

InfoSec 52

InfoSec Artificial Intelligence Computers and Electronics Software 52

eSecurity Planet

FEBRUARY 3, 2021

The National Telecommunications and Information Administration (NTIA) offers the concept of a Software Bill of Materials (SBOM) to address this problem. For CrowdStrike , months after the attempted hack, they were first alerted about attempts to read email and abnormal communication between their MS Office licenses and MS cloud APIs.

Software 62

Software Malware Authentication Penetration Testing 62

ForAllSecure

OCTOBER 9, 2019

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. One of the unique things about how they did this is they judged it in a full spectrum hacking contest. If you look at like the Tesla hack, it was interesting. but they never actually checked that.

InfoSec 40

InfoSec Artificial Intelligence Computers and Electronics Software 40

ForAllSecure

OCTOBER 9, 2019

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. One of the unique things about how they did this is they judged it in a full spectrum hacking contest. If you look at like the Tesla hack, it was interesting. but they never actually checked that.

InfoSec 40

InfoSec Artificial Intelligence Computers and Electronics Software 40

Security Affairs

JANUARY 15, 2020

If so we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.” Pierluigi Paganini.

Computers and Electronics 98

Computers and Electronics Penetration Testing Malware Government 98

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. In October, telecommunications firm Telenor Norway was another to fall victim. Extortionists’ activity regularly made the news throughout 2020.

DDOS 136

DDOS Cryptocurrency Marketing Internet 136

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Malware 143

Malware Spyware Government Social Engineering 143

Krebs on Security

JUNE 20, 2024

However, passive domain name system (DNS) records from DomainTools show that between October 2023 and March 2024 radaris.com was hosted alongside all of the other Gary Norden domains at the Internet address range 38.111.228.x. A spreadsheet of those historical DNS entries for radaris.com is available here (.csv).

Marketing 297

Marketing Telecommunications DNS Data privacy 297