2007, DNS and Malware - Cyber Security Informer

Joint Advisory Warns of Fast Flux DNS Tactics Evading Detection

SecureWorld News

APRIL 8, 2025

Fast flux is a method used by cybercriminals to rapidly change Domain Name System (DNS) records, such as IP addresses, associated with a single domain. Double flux: In addition to rotating IP addresses, the DNS name servers resolving the domain also change frequently, adding layers of redundancy and anonymity. Fast flux DNS is not new.

DNS

DNS Government Cybersecurity Malware

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Government

Government Phishing DNS VPN

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

APRIL 22, 2020

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The malware sample employed in the attack resembled a Winnti dropper previously analyzed by ESET researcher that was submitted to a public online malware scanning service.

DNS

DNS Malware Advertising Software

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages.

Phishing

Phishing Accountability Advertising DNS

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. ” The threat actors were observed deploying Cobalt Strike in the infected networks, along with a set of additional malware and web shells.

Cryptocurrency

Cryptocurrency Social Engineering Media Phishing

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

Security experts have a new malware, dubbed skip-2.0 Security experts at ESET have discovered a new malware, dubbed skip-2.0, The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. malware to control Microsoft SQL Servers appeared first on Security Affairs.

Malware

Malware Passwords Advertising DNS

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

Researchers also discovered that the APT group used an updated version of its ShadowPad malware. The Winnti group was first spotted by Kaspersky in 2013, according to the researchers the gang has been active since 2007. The update to the ShadowPad malware shows they are still developing and using it. Pierluigi Paganini.

Manufacturing

Manufacturing Mobile Malware Software

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The malware tries to spread to other hosts on the network by infecting USB drives. After this, they were tricked into downloading previously unknown malware.

Malware

Malware Banking Energy and Utilities Accountability

QakBot technical analysis

SecureList

SEPTEMBER 2, 2021

It was found in the wild in 2007 and since then it has been continually maintained and developed. However, there is another infection vector that involves a malicious QakBot payload being transferred to the victim’s machine via other malware on the compromised machine. Main description. logins, passwords, etc.),

Encryption

Encryption Passwords Banking Malware

Threat Trends: Firewall

Cisco Security

OCTOBER 19, 2021

There are other protection mechanisms, such as Malware Defense , that can block further threats. Much of this traffic is comprised of suspicious DNS queries, which point to known or likely Command and Control sites. DNS BIND information disclosure attempts were also commonly encountered. CVE-2007-1036. CVE-2018-10562.

Firewall

Firewall Authentication DNS Accountability

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1998-2007 — Max Butler — Max Butler hacks U.S. After being released in 2003, he uses WiFi to commit attacks, program malware and steal credit card information. In 2007, he is arrested and eventually pleads guilty to wire fraud, stealing millions of credit card numbers and around $86 million of fraudulent purchases.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. According to Rezvesz himself, he is no stranger to the Canadian legal system.

Advertising

Advertising Malware Marketing Software

Cyber Security Informer

Joint Advisory Warns of Fast Flux DNS Tactics Evading Detection

France links Russian APT28 to attacks on dozen French entities

Trending Sources

China-linked Winnti APT targets South Korean Gaming firm

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Financially motivated Earth Lusca threat actors targets organizations worldwide

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

IT threat evolution Q3 2021

QakBot technical analysis

Threat Trends: Firewall

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Canadian Police Raid ‘Orcus RAT’ Author

Stay Connected