Heimadal Security

JANUARY 10, 2024

DNS hijacking and traffic redirection that leads to man-in-the-middle attacks are among their cyber espionage techniques. Their goal is to collect economic and political intelligence […] The post Sea Turtle Hackers Spy on Dutch ISPs and Telecommunication Companies appeared first on Heimdal Security Blog.

Telecommunications 86

Telecommunications DNS Media Internet 86

Security Affairs

FEBRUARY 13, 2025

On September 2022, the Sandworm group was observed impersonating telecommunication providers to target Ukrainian entities with malware. Since late 2021, the subgroup has targeted networks by modifying Outlook Web Access (OWA) sign-in pages and DNS configurations.

Telecommunications 109

Telecommunications DNS Passwords Hacking 109

Security Affairs

NOVEMBER 10, 2024

“Do NOT conduct CFPB work using mobile voice calls or text messages,” reads the email sent to the employees referencing a recent government statement acknowledging the telecommunications infrastructure attack. The threat actors targeted insecure software update mechanisms to install malware on macOS and Windows victim machines.

Hacking 132

Hacking Internet Internet Mobile 132

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications 138

Telecommunications Mobile Hacking Architecture 138

Krebs on Security

OCTOBER 31, 2023

is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. “We’re always looking at the end malware or phishing page, but what we’re finding here is that there’s this middle layer of DNS threat actors persisting for years without notice.”

Phishing 321

Phishing Telecommunications Malware Scams 321

SecureList

DECEMBER 18, 2020

In the initial phases, the Sunburst malware talks to the C&C server by sending encoded DNS requests. These requests contain information about the infected computer; if the attackers deem it interesting enough, the DNS response includes a CNAME record pointing to a second level C&C server. Low-level details. avsvmcloud[.]com”

DNS 76

DNS Telecommunications Malware Encryption 76

Security Affairs

SEPTEMBER 26, 2024

In August, Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Internet 131

Internet Internet DNS Telecommunications 131

Security Affairs

FEBRUARY 24, 2019

“The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

Internet 111

Internet Internet DNS Telecommunications 111

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. Additionally, it can interact with other devices on the LAN and transfer data or deploy new agents.

Malware 132

Malware DNS Authentication Telecommunications 132

CyberSecurity Insiders

OCTOBER 22, 2021

Interestingly, the findings state that the threat actors, probably funded by a government, were hiding in the external DNS servers of telcos and conducting espionage through General Packet Radio Services (GPRS) networks. The post What is Telecom LightBasin Cyber Attack appeared first on Cybersecurity Insiders.

Cyber Attacks 139

Cyber Attacks Telecommunications DNS Government 139

SecureList

OCTOBER 18, 2021

As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP. Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++.

DNS 133

DNS Telecommunications Malware Accountability 133

Security Affairs

SEPTEMBER 23, 2024

Earth Baxia primarily targeted government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand. The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram.

DNS 141

DNS Government Phishing Telecommunications 141

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS 106

DNS Passwords Advertising Banking 106

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware 104

Malware Telecommunications DNS Hacking 104

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications 97

Telecommunications DNS Malware Advertising 97

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 108

DNS Computers and Electronics Penetration Testing Government 108

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering. Original post at: [link].

Internet 113

Internet Internet Telecommunications DNS 113

eSecurity Planet

SEPTEMBER 3, 2022

For example, the 2016 DDoS attack on the Dyn managed domain name service (DNS) caused the DNS service to fail to respond to legitimate DNS inquiries and effectively shut down major sites such as PayPal, Spotify, Twitter, Yelp, and many others. Also read: How to Secure DNS. Types of DDoS Attacks. Harden infrastructure.

DDOS 145

DDOS DNS Firewall Internet 145

Malwarebytes

MAY 10, 2022

The group is known to focus on the financial, governmental, energy, chemical, and telecommunication sectors. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol. If the performed DNS request fails, the next stage is SLEEP.

Government 145

Government DNS Telecommunications Accountability 145

CyberSecurity Insiders

APRIL 12, 2023

The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics. Telecommunications continued to be a popular target, enduring 16% of attacks and a 47% YoY increase.

DDOS 129

DDOS Telecommunications Data breaches DNS 129

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

Cybercrime 120

Cybercrime Telecommunications DNS Technology 120

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Media 141

Media Accountability Telecommunications Government 141

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 111

DNS Computers and Electronics Penetration Testing Government 111

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. The malware uses DNS and HTTP-based communication mechanisms. The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane.

DNS 107

DNS Passwords Penetration Testing Social Engineering 107

Security Affairs

JANUARY 29, 2019

Early January, security experts at FireEye uncovered a DNS hijacking campaign that was targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe.

Cyber Attacks 101

Cyber Attacks Telecommunications Advertising DNS 101

Security Boulevard

FEBRUARY 27, 2025

As the CTO of a telecommunications company said to me, HYAS doesnt just find the needle in the haystack, you find the needle in the stack of needles. However, this same client also demonstrated that with the right intelligence, its possible to cut through the chaos and focus on what truly matters.

CISO 52

CISO Artificial Intelligence Internet Internet 52

Security Affairs

DECEMBER 24, 2019

The authorities want to ensure that the access to Russian Internet resources will be maintained also under attack, to do this, Russian experts are thinking a sort of DNS managed by Moscow. Currently, among the 12 organizations that oversee DNS base servers worldwide there isn’t an entity in Russia.

Internet 98

Internet Internet DNS Surveillance 98

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking 125

Banking Telecommunications Marketing Internet 125

eSecurity Planet

JULY 29, 2021

Vishing attacks are also similar to phishing and smishing, but these attacks target VoIP and telecommunications services rather than text-based mediums. Usually this is accomplished either by deploying malware that changes the target computer’s host files, or by using a technique known as DNS cache poisoning.

Social Engineering 129

Social Engineering Engineering Phishing DNS 129

Security Boulevard

JANUARY 12, 2022

MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, oil, defense, and finance sectors in the Middle East, Europe, and North America. MITRE ATT&CK T1572 Protocol Tunneling. MuddyWater APT Group Attacks in Picus Threat Library.

Telecommunications 115

Telecommunications DNS Malware Government 115

Security Affairs

JANUARY 13, 2023

The C2 infrastructure used by the group was primarily hosted on the Bulgarian telecommunications company Neterra. Experts observed threat actors also using No-IP Dynamic DNS services. GitHub removed the accounts after SentinelOne reported the abuse to the company. The current C2 server is zig35m48zur14nel40[.]myftp.org

DDOS 98

DDOS Telecommunications DNS Education 98

Security Affairs

NOVEMBER 11, 2022

The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers. From August 2022, Recorded Future researchers observed a rise in command and control (C2) infrastructure used by Sandworm (tracked by Ukraine’s CERT-UA as UAC-0113).

Ransomware 98

Ransomware Telecommunications DNS Hacking 98

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB.

Cybercrime 104

Cybercrime Phishing Banking Telecommunications 104

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group).

Computers and Electronics 104

Computers and Electronics Penetration Testing DNS Phishing 104

eSecurity Planet

AUGUST 22, 2023

History of MSSPs As internet service providers (ISPs) and telecommunications companies (telecoms) began offering commercial access to the internet in the late 1990s, they began to also offer firewall appliances and associated managed services. assets (endpoints, servers, IoT, routers, etc.), Outsourcing U.S. companies may trust U.S.

Firewall 98

Firewall Telecommunications Penetration Testing Cybersecurity 98

eSecurity Planet

JANUARY 26, 2022

Spun off from the telecommunications vendor JDS Uniphase in 2015, Viavi Solutions is a newer name, but it has four-plus decades of IT services experience. Catchpoint Features. Dynatrace offers a full-stack application performance monitoring and digital experience platform for modern hybrid environments. VIAVI Solutions.

Marketing 121

Marketing DDOS Threat Detection DNS 121

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. Full control over the DNS, meaning they can provide responses for non-existent domains.

Malware 137

Malware Encryption Social Engineering Telecommunications 137