Security Affairs

MARCH 20, 2020

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks, the recent mass scanning activity represents a change in the modus operandi of the group. Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014.

Phishing 130

Phishing Accountability Advertising DNS 130

Krebs on Security

MARCH 2, 2020

HYAS said it quickly notified the French national computer emergency team and the FBI about its findings, which pointed to a dynamic domain name system (DNS) provider on which the purveyors of this attack campaign relied for their various malware servers. There is a third Skype account nicknamed “Fatal.001”

DNS 263

DNS Penetration Testing Malware Hacking 263

Security Affairs

AUGUST 28, 2018

Experts from SecureWorks discovered a large phishing campaign targeting universities carried out by an Iran-linked threat actor COBALT DICKENS. Many of the domains used by COBALT DICKENS were registered between May and August 2018, most of them resolved to the same IP address and DNS name server. Pierluigi Paganini.

Phishing 71

Phishing Advertising DNS Hacking 71

Security Affairs

MARCH 5, 2020

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Let’s consider mybrowser.microsoft.com, it might have resolved by the DNS to something like webserver9000.azurewebsites.net. azurewebsites.net.

DNS 89

DNS Phishing Advertising Malware 89

Security Affairs

JULY 15, 2023

Gamaredon has been active since 2014 and its activity focus on Ukraine, the group was observed using the multistage backdoor Pteranodon / Pterodo. The group often uses spear-phishing emails and messages (Telegram, WhatsApp, Signal) as an initial attack vector. The cyberspies often use accounts that have been previously compromised.

Social Engineering 94

Social Engineering DNS Accountability Malware 94

Krebs on Security

JULY 18, 2023

KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. us , a site unabashedly dedicated to helping people hack email and online gaming accounts. pleaded guilty to running LeakedSource[.]com

Hacking 200

Hacking Accountability Data breaches Marketing 200

Malwarebytes

MAY 5, 2022

Agent Tesla is a well-known data stealer written in.NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. pw accounts, various scams). Based on these profiles, we can see this threat actor has an extensive criminal record starting at least from 2014. Test successful!

Malware 76

Malware Scams Phishing Accountability 76

Security Affairs

SEPTEMBER 8, 2019

One million cracked Poshmark accounts being sold online. Experts devised advanced SMS phishing attacks against modern Android-based phones. Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Crooks stole €1.5 Pierluigi Paganini.

IoT 72

IoT Data breaches DNS Advertising 72

Cisco Security

OCTOBER 19, 2021

Valid Accounts [ T1178 ]. Phishing [ T1566 ]. Account Discovery [ T1087 ]. Valid Accounts [ T1078 ]. Valid Accounts [ T1078 ]. Valid Accounts [ T1078 ]. Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. CVE-2014-7169.

Firewall 113

Firewall Authentication DNS Accountability 113

Security Affairs

APRIL 21, 2019

Attackers hacked support agent to access Microsoft Outlook email accounts. Gnosticplayers round 5 – 65 Million+ fresh accounts from 6 security breaches available for sale. Gnosticplayers round 5 – 65 Million+ fresh accounts from 8 security breaches available for sale. Analyzing OilRigs malware that uses DNS Tunneling.

Computers and Electronics 59

Computers and Electronics Spyware Data breaches Advertising 59

Security Affairs

AUGUST 7, 2019

OilRig Description : According to MITRE , OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078).

Computers and Electronics 79

Computers and Electronics Penetration Testing DNS Phishing 79

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 87

Malware DNS Financial Services Retail 87

Security Affairs

AUGUST 19, 2018

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. . · 2.6 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches 44

Data breaches DNS Advertising Hacking 44

Security Affairs

SEPTEMBER 6, 2018

During that wave, we also observed OilRig leveraging additional compromised email accounts at the same government organization to send spear phishing emails delivering the OopsIE trojan as the payload instead of QUADAGENT.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Government 46

Government Phishing Malware Advertising 46

Security Affairs

MARCH 4, 2019

. “Most recently, Necurs has been seen pushing out infostealers and RATs, like AZOrult and FlawedAmmyy , to targeted hosts based on specific information found on infected hosts and deploying a new sophisticated.NET spamming module which can send spam using a victim’s email accounts.” ” continues the blog post.

DNS 77

DNS Banking Advertising Ransomware 77

Security Affairs

FEBRUARY 1, 2019

Other interesting function is “j2aYhH”: Figure 8 – Accounts and emails stealing. This function searches for all email accounts registered on victim machine. Last DNS activity was in December 2018. Figure 14 – previous DNS of C2. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware 82

Malware DNS Social Engineering Advertising 82

Herjavec Group

AUGUST 26, 2021

They hack into their teacher’s account and leave messages making fun of him. Air Force research facility, discover a password “sniffer” has been installed onto their network, compromising more than 100 user accounts. banks using the Zeus Trojan virus to crack open bank accounts and divert money to Eastern Europe.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135

Security Affairs

NOVEMBER 29, 2019

The group’s distinctive features are the high quality of their phishing attacks and the use of legitimate services, which makes it very difficult to detect its malicious activity in companies’ infrastructures. Silence reduced the use of phishing mail-outs, instead purchasing access to targeted banks from other groups (in particular TA505).

Banking 82

Banking Telecommunications Marketing Internet 82

SecureList

NOVEMBER 26, 2021

The attackers obtain initial access to a system by sending a spear-phishing email to the victim containing a Dropbox download link. While the MBR infection has been known since at least 2014, details on the UEFI bootkit were publicly revealed for the first time in our private report on FinSpy. So-called logs are among the most popular.

Malware 91

Malware Banking Energy and Utilities Accountability 91

eSecurity Planet

JULY 28, 2021

More robust security for Domain Name Systems (DNS). Custodian of the MediLedger Network, Chronicled first started deploying their blockchain platform in 2014 before zeroing in on life sciences in late 2016. Distributed PKI and multi-signature login capabilities. Verifying and logging software updates and downloads. Chronicled.

Cybersecurity 135

Cybersecurity Cryptocurrency Technology Energy and Utilities 135

SecureList

OCTOBER 19, 2021

Trickbot (aka TrickLoader or Trickster), is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. It retrieves the DNS names of all the directory trees in the local computer’s forest. Trickbot was first discovered in October 2016.

Banking 139

Banking Passwords VPN Internet 139