Security Affairs

JUNE 18, 2020

The group was first spotted by ESET in 2018, when the experts detected a sophisticated piece of spyware, tracked as InvisiMole, used in targeted attacks in Russia and Ukraine in the previous five years. Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine.

DNS 82

DNS Advertising Spyware Software 82

SecureList

DECEMBER 1, 2023

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware 91

Malware Ransomware Encryption Energy and Utilities 91

SecureList

APRIL 27, 2021

During routine monitoring of detections for FinFisher spyware tools, we discovered traces that point to recent FinFly Web deployments. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Malware 138

Malware Spyware Government Social Engineering 138

Herjavec Group

AUGUST 26, 2021

2002 – Internet Attack — By targeting the thirteen Domain Name System (DNS) root servers, a DDoS attack assaults the entire Internet for an hour. 2008 — Heartland Payment Systems — 134 million credit cards are exposed through SQL injection to install spyware on Heartland’s data systems. billion dollars in damages.

Cybercrime 135

Cybercrime Computers and Electronics Banking Hacking 135