Remove 2017 Remove Cryptocurrency Remove DNS
article thumbnail

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

The site’s true WHOIS registration records have always been hidden by privacy protection services, but there are plenty of clues in historical Domain Name System (DNS) records for WorldWiredLabs that point in the same direction. A review of DNS records for both printschoolmedia[.]org DNS records for worldwiredlabs[.]com

DNS 334
article thumbnail

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks. 26, 2017 on the now-defunct carding site Joker’s Stash has been tied to a breach at Sonic Drive-In.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The BlueNoroff cryptocurrency hunt is still on

SecureList

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Instead, they can rely on regular macro-enabled documents or older exploits.

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

The hackers were able to change the Domain Name System (DNS) records for the transaction brokering site escrow.com so that it pointed to an address in Malaysia that was host to just a few other domains, including the then brand-new phishing domain servicenow-godaddy[.]com.

Hacking 346
article thumbnail

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. ” concludes the analysis.”

DNS 145
article thumbnail

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. Six days later, on December 19, 2017.

Hacking 104
article thumbnail

StripedFly: Perennially flying under the radar

SecureList

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. 8, 15.0.0.0/8, 8, 16.0.0.0/8,

Malware 144