2007 and DNS - Cyber Security Informer

Joint Advisory Warns of Fast Flux DNS Tactics Evading Detection

SecureWorld News

APRIL 8, 2025

Fast flux is a method used by cybercriminals to rapidly change Domain Name System (DNS) records, such as IP addresses, associated with a single domain. Double flux: In addition to rotating IP addresses, the DNS name servers resolving the domain also change frequently, adding layers of redundancy and anonymity. Fast flux DNS is not new.

DNS

DNS Government Cybersecurity Malware

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Phishing DNS VPN

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. “The technique relies on a DNS Tunneling communication channel through a custom implementation of the iodine source code , an open-source software that enables the tunneling of IPv4 data through a DNS server.

DNS

DNS Malware Advertising Software

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. This script shows a social engineering message, such as a Flash update popup or a DNS error, and attempts to trick the victim into downloading a malicious file deploy a Cobalt Strike loader.

Cryptocurrency

Cryptocurrency Media Social Engineering Phishing

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. . ” concludes the report.

Phishing

Phishing Accountability Advertising DNS

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

In 2007, Salomon collected more than $3,000 from botmasters affiliated with competing spam affiliate programs that wanted to see Spamhaus suffer, and the money was used to fund a week-long distributed denial-of-service (DDoS) attack against Spamhaus and its online infrastructure. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

Developed by the SANS Institute in 2007, SIFT works on 64-bit OS, automatically updates the software with the latest forensic tools and techniques, and is a memory optimizer. The first version of Volatility was launched at Black Hat and DefCon in 2007 and based its services around academic research into advanced memory analysis and forensics.

Software

Software Computers and Electronics Marketing Mobile

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. Each variant spotted by the experts was targeting different services and ports, including DNS over TCP (53), HTTP (80), HTTPS (443), Remote Desktop Protocol (3389) and Windows Remote Management (5985).

Manufacturing

Manufacturing Mobile Malware Software

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2007-1036. Command and Control activity came in third, where 48.7 percent of organizations saw traffic of this type. CVE-2018-10562.

Firewall

Firewall Authentication DNS Accountability

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. Each variant spotted by the experts was targeting different services and ports, including DNS over TCP (53), HTTP (80), HTTPS (443), Remote Desktop Protocol (3389) and Windows Remote Management (5985).

Malware

Malware Passwords Advertising DNS

QakBot technical analysis

SecureList

SEPTEMBER 2, 2021

It was found in the wild in 2007 and since then it has been continually maintained and developed. Hooking module – hooks a hardcoded set of WinAPI and (if they exist) Mozilla DLL Hooking is used to perform web injects, sniff traffic and keyboard data and even prevent DNS resolution of certain domains. Main description.

Passwords

Passwords Encryption Banking Malware

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1998-2007 — Max Butler — Max Butler hacks U.S. In 2007, he is arrested and eventually pleads guilty to wire fraud, stealing millions of credit card numbers and around $86 million of fraudulent purchases. Investigators determined that two hackers, known as Datastream Cowboy and Kuji, are behind the attack. billion dollars in damages.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

JULY 28, 2021

Founded in 2007, Guardtime is a network security company that specializes in deploying distributed, virtualized machines built to execute tasks with cryptographic proofs of correctness. More robust security for Domain Name Systems (DNS). KSI Innovator: Estonia’s Guardtime. Distributed PKI and multi-signature login capabilities.

Cybersecurity

Cybersecurity Cryptocurrency Technology Energy and Utilities

SW Labs | Review: ImmuniWeb Discovery

SC Magazine

APRIL 22, 2021

This approach extends far beyond assets with an IP address, however, including everything from certificates to S3 buckets to DNS misconfigurations. An application penetration tester by trade, Ilia Kolochenko founded his first cybersecurity consulting firm named High-Tech Bridge in 2007. Company background. Deployment and configuration.

Penetration Testing

Penetration Testing DNS Mobile Marketing

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Banking Energy and Utilities Accountability

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

As KrebsOnSecurity noted in 2016 , in conjunction with his RAT Rezvesz also sold and marketed a bulletproof “dynamic DNS service” that promised not to keep any records of customer activity. Rezvesz appears to have a flair for the dramatic , and has periodically emailed this author over the years.

Advertising

Advertising Malware Software Marketing

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Krebs on Security

JUNE 20, 2024

Meanwhile, DomainTools.com reports difive.com was originally registered in 2007 to the fictitious Gary Norden from Massachusetts. A spreadsheet of those historical DNS entries for radaris.com is available here (.csv). Archive.org’s record of humanbook.com from 2008, just after its homepage changed to Radaris Beta.

Marketing

Marketing Telecommunications DNS Data privacy

Cyber Security Informer

Joint Advisory Warns of Fast Flux DNS Tactics Evading Detection

France links Russian APT28 to attacks on dozen French entities

Trending Sources

China-linked Winnti APT targets South Korean Gaming firm

Financially motivated Earth Lusca threat actors targets organizations worldwide

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Best Digital Forensics Tools & Software for 2021

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Threat Trends: Firewall

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

QakBot technical analysis

Cyber CEO: The History Of Cybercrime, From 1834 To Present

The State of Blockchain Applications in Cybersecurity

SW Labs | Review: ImmuniWeb Discovery

IT threat evolution Q3 2021

Canadian Police Raid ‘Orcus RAT’ Author

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

Stay Connected