DNS, Passwords and Telecommunications - Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. PASSIVE DNS.

DNS

DNS Internet Internet Government

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Advertising Telecommunications

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations.

Telecommunications

Telecommunications DNS Passwords Hacking

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications

Telecommunications Mobile Hacking Architecture

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

In August, Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Internet

Internet Internet DNS Telecommunications

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” states the analysis published by Avast.

DNS

DNS Passwords Advertising Banking

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. Additionally, it can interact with other devices on the LAN and transfer data or deploy new agents.

Malware

Malware DNS Authentication Telecommunications

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

31, 2019, Rezvesz said his company recently was the subject of an international search warrant executed jointly by the Royal Canadian Mounted Police (RCMP) and the Canadian Radio-television and Telecommunications Commission (CRTC). “In In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Software Marketing

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media

Media Accountability Telecommunications Government

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Lyceum was observed using password spraying and brute-force attacks to compromise email accounts of targeted individuals. The malware uses DNS and HTTP-based communication mechanisms. Security experts at Dragos Inc.

DNS

DNS Passwords Penetration Testing Social Engineering

Caught in the Act: StealC, the Cyber Thief in C

Security Boulevard

JULY 15, 2024

StealC is an information stealer capable of exfiltrating a variety of confidential information, including passwords, emails, and cryptocurrency wallets. It’s been available for less than two years as a Malware-as-a-Service product, and is a regular occurrence in HYAS malware detonations.

Malware

Malware Encryption Telecommunications DNS

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

With access to DSInternals, the malware could query the AD servers and steal data, passwords, and keys. 509 keys or password credentials to legitimate OAuth applications to offer protracted authorized access. Mail DNS controls. Executed Microsoft PowerShell commands to create more instances of Raindrop on network computers.

Software

Software Malware Authentication Penetration Testing

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

According to SaveBreach , Security Researcher Vinoth Kumar discovered a password that belongs to SolarWinds update server has been leaked to Github since 2018. It is unclear whether the attackers have utilized the weak password in the attacks, but it shows the weakness of SolarWinds security posture. Infected Domains Analysis.

DNS

DNS Education Malware Telecommunications

Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Trending Sources

DHS issues emergency Directive to prevent DNS hijacking attacks

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

China-linked LightBasin group accessed calling records from telcos worldwide

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

For nearly a year, Brazilian users have been targeted with router attacks

Cuttlefish malware targets enterprise-grade SOHO routers

Canadian Police Raid ‘Orcus RAT’ Author

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Iran-linked APT34: Analyzing the webmask project

Lyceum APT made the headlines with attacks in Middle East

Caught in the Act: StealC, the Cyber Thief in C

Guarding Against Solorigate TTPs

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

Stay Connected