SecureList

DECEMBER 18, 2020

For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes. In the initial phases, the Sunburst malware talks to the C&C server by sending encoded DNS requests. Low-level details.

DNS 75

DNS Telecommunications Malware Encryption 75

SecureList

OCTOBER 18, 2021

Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++. As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP.

DNS 129

DNS Telecommunications Malware Accountability 129

Security Affairs

SEPTEMBER 23, 2024

Earth Baxia primarily targeted government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand. The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram. ” concludes the report.

DNS 139

DNS Government Phishing Telecommunications 139

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications 97

Telecommunications DNS Malware Advertising 97

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” reads a blog post published by Avast.

DNS 105

DNS Passwords Advertising Banking 105

Security Affairs

NOVEMBER 10, 2024

“Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines.

Hacking 130

Hacking Internet Internet Mobile 130

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 107

DNS Computers and Electronics Penetration Testing Government 107

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.” Security experts at Dragos Inc.

DNS 107

DNS Passwords Penetration Testing Social Engineering 107

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering. Original post at: [link].

Internet 111

Internet Internet Telecommunications DNS 111

eSecurity Planet

SEPTEMBER 3, 2022

For example, the 2016 DDoS attack on the Dyn managed domain name service (DNS) caused the DNS service to fail to respond to legitimate DNS inquiries and effectively shut down major sites such as PayPal, Spotify, Twitter, Yelp, and many others. Also read: How to Secure DNS. Types of DDoS Attacks. Harden infrastructure.

DDOS 135

DDOS DNS Firewall Internet 135

eSecurity Planet

JULY 29, 2021

These types of attacks usually involve spoofed emails that attempt to impersonate a legitimate sender and convince the recipient to divulge confidential information or click a link or attachment that’s laced with malware. Any action that the user takes in response usually results in a malware launch or a similar kind of attack.

Social Engineering 129

Social Engineering Engineering Phishing DNS 129

Malwarebytes

MAY 10, 2022

The group is known to focus on the financial, governmental, energy, chemical, and telecommunication sectors. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol. If the performed DNS request fails, the next stage is SLEEP.

Government 139

Government DNS Telecommunications Accountability 139

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 111

DNS Computers and Electronics Penetration Testing Government 111

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

Cybercrime 118

Cybercrime Telecommunications DNS Technology 118

Security Boulevard

JANUARY 12, 2022

MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, oil, defense, and finance sectors in the Middle East, Europe, and North America. Picus Threat Library consists of 71 threats of the MuddyWater threat group, including the following malware: .

Telecommunications 115

Telecommunications DNS Malware Government 115

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. Leaving the mystery of the delivery method aside for now, let’s look at the capabilities of the malware itself.

Malware 142

Malware Encryption Social Engineering Telecommunications 142

Security Affairs

NOVEMBER 11, 2022

In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers.

Ransomware 98

Ransomware Telecommunications DNS Hacking 98

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking 123

Banking Telecommunications Marketing Internet 123

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime 104

Cybercrime Phishing Banking Telecommunications 104

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1388) , from group_b to group_d time frames OilRig used real Compromised User Accountsextracted by Malware (rif. Exploit Technique Over Time.

Computers and Electronics 104

Computers and Electronics Penetration Testing DNS Phishing 104

Security Boulevard

JULY 15, 2024

Weekly Threat Intelligence Report Date: July 15, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS StealC seems like an appropriate name for stealer malware written in C. It’s been available for less than two years as a Malware-as-a-Service product, and is a regular occurrence in HYAS malware detonations.

Malware 64

Malware Encryption Telecommunications DNS 64

SecureList

DECEMBER 23, 2020

The companies that appeared to be of special interest to the malicious actors may have been subjected to deployment of additional persistent malware. Read more about our research on Sunburst malware here. Several publicly available data sets, such as the one from John Bambenek, include DNS requests encoding the victim names.

Malware 72

Malware Telecommunications DNS Government 72

eSecurity Planet

FEBRUARY 3, 2021

This update touches on the newly detected malware , attack vectors to guard against, and why the targeting of security vendors is a critical development in cybersecurity. Before jumping into the technical details regarding each new malware detected and proper safeguards, here is a brief look at the events to date: Sep 2019.

Software 63

Software Malware Authentication Penetration Testing 63

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. In an “official press release” posted to pastebin.com on Mar.

Advertising 233

Advertising Malware Marketing Software 233

CyberSecurity Insiders

MARCH 5, 2021

On December 13 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds, and trojanized SolarWinds Orion business software updates in order to distribute backdoor malware called SUNBURST. It also appeared in the recent CISA Emergency Directive 20-01.

DNS 138

DNS Education Malware Telecommunications 138

Krebs on Security

SEPTEMBER 1, 2023

is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. for Germany — which has a far larger market share of domain name registrations than.US — have very low levels of abuse, including phishing and malware,” Marks told KrebsOnSecurity.

Phishing 271

Phishing Telecommunications Government DNS 271

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware 144

Malware Government Spyware Social Engineering 144

Security Affairs

JANUARY 15, 2020

Bonupdater, Helminth, Quadangent and PowRuner are some of the most sophisticated Malware attributed to OilRig and analyzed over the past few years. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.” Indeed no 0days or usage of advanced exploits is found over the target infrastructure.

Computers and Electronics 98

Computers and Electronics Penetration Testing Malware Government 98

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. In October, telecommunications firm Telenor Norway was another to fall victim. Extortionists’ activity regularly made the news throughout 2020.

DDOS 140

DDOS Cryptocurrency Marketing Internet 140