2017, Architecture and DNS - Cyber Security Informer

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

Security Affairs

MAY 13, 2025

Marbled Dust has been active since at least 2017 and primarily targets organizations in Europe and the Middle East. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. Marbled Dust exploited CVE-2025-27920 after likely stealing credentials via DNS hijacking or typo-squatting.

DNS

DNS Telecommunications Architecture Media

How to Prevent DNS Attacks: DNS Security Best Practices

eSecurity Planet

DECEMBER 8, 2023

Domain name service (DNS) attacks threaten every internet connection because they can deny, intercept, and hijack connections. With the internet playing an increasing role in business, securing DNS plays a critical role in both operations and security. Everything You Need to Know.

DNS

DNS DDOS Firewall Architecture

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.

Malware

Malware DNS Encryption Cryptocurrency

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

SecureList

DECEMBER 14, 2023

Written in Go, it is flexible enough to generate binaries compatible with various architectures. A not-so-new attack vector Evidence collected and analyzed by GERT suggests that this attack exploited an old vulnerability related to Struts2 (CVE-2017-5638 – Apache Struts2), targeting a financial company. (#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#cont

Malware

Malware Architecture DNS DDOS

Rapid7 InsightIDR Review: Features & Benefits

eSecurity Planet

SEPTEMBER 24, 2021

Architecture: Identifies network resources and connectivity requirements for agents. InsightIDR comes with several dashboard views that give administrators visibility into network activity like firewall traffic, blocked traffic by port and IP, total DNS traffic, and DNS queries. Rapid7 Competitors. billion.

DNS

DNS Technology Cybersecurity Data collection

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Compared to its predecessors, the sixth “Hi-Tech Crime Trends” report is the first to contain chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019, as compared to the period from H2 2017 to H1 2018. The development of 5G networks will create new threats to this industry.

Banking

Banking Telecommunications Marketing Internet

IT threat evolution Q1 2021

SecureList

MAY 31, 2021

Further investigation of the Sunburst backdoor revealed several features that overlap with a previously identified backdoor known as Kazuar , a.NET backdoor first reported in 2017 and tentatively linked to the Turla APT group. The sample extracts a URL from the “downloadURL” field for the next download.

Malware

Malware Adware Encryption Architecture

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In addition to the Meraki networking gear, Cisco Secure also shipped two Umbrella DNS virtual appliances to Black Hat Asia, for internal network visibility with redundancy, in addition to providing: . Malware Threat Intelligence made easy and available, with Cisco Secure Malware Analytics and SecureX by Ben Greenbaum .

Malware

Malware Accountability DNS Technology

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Prior to this date, in 2021, the domain was registered and hosted by a previous owner, with DNS resolution observed through October of 2021. After the new DNS registration by the Grand persona, the domain was initially live via authoritative DNS in regway.com on 2023-10-08, and then migrated to Cloudflare DNS on 2023-10-11.

Cryptocurrency

Cryptocurrency Password Management Malware DNS

UNCOVERING OPENWRT REMOTE CODE EXECUTION (CVE-2020-7982)

ForAllSecure

MARCH 24, 2020

or-later Section: utils Architecture: x86_64 Installed-Size: 11797 Filename: attr_2.4.48-2_x86_64.ipk It looks like the bug was introduced in February 2017, almost three years ago: [link]. The modification to /etc/hosts is required to emulate a man-in-the-middle (or compromised DNS) situation. Exploitation. Remediation.

DNS

DNS Software Architecture Accountability

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

ForAllSecure

MARCH 24, 2020

or-later Section: utils Architecture: x86_64 Installed-Size: 11797 Filename: attr_2.4.48-2_x86_64.ipk It looks like the bug was introduced in February 2017, almost three years ago: [link]. The modification to /etc/hosts is required to emulate a man-in-the-middle (or compromised DNS) situation. Exploitation. Remediation.

DNS

DNS Software Architecture Accountability

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

ForAllSecure

MARCH 25, 2020

or-later Section: utils Architecture: x86_64 Installed-Size: 11797 Filename: attr_2.4.48-2_x86_64.ipk It looks like the bug was introduced in February 2017, almost three years ago: [link]. The modification to /etc/hosts is required to emulate a man-in-the-middle (or compromised DNS) situation. Exploitation. Remediation.

DNS

DNS Software Architecture Accountability

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Fox IT

JUNE 23, 2020

Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Hence, TA505 activity is sometimes still reported as Evil Corp activity, even though these groups have not worked together since the second half of 2017. CobaltStrike C&C Domains.

Ransomware

Ransomware Encryption Malware Architecture

APT trends report Q1 2022

SecureList

APRIL 27, 2022

While we were unable to obtain the same results by analyzing the CERT-UA samples, we subsequently identified a different WhiteBlackCrypt sample matching the WhisperKill architecture and sharing similar code. On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware

Malware Firmware Government Phishing

Cyber Security Informer

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

How to Prevent DNS Attacks: DNS Security Best Practices

Trending Sources

StripedFly: Perennially flying under the radar

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

Rapid7 InsightIDR Review: Features & Benefits

Top SD-WAN Solutions for Enterprise Security

Group-IB presents its annual report on global threats to stability in cyberspace

IT threat evolution Q1 2021

Black Hat USA 2023 NOC: Network Assurance

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Mystic Stealer

UNCOVERING OPENWRT REMOTE CODE EXECUTION (CVE-2020-7982)

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

Uncovering OpenWRT Remote Code Execution (CVE-2020-7982)

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

APT trends report Q1 2022

Stay Connected