InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

The group was first spotted by ESET in 2018, when the researchers detected a sophisticated piece of spyware, tracked as InvisiMole, that had been used in targeted attacks in Russia and Ukraine over the previous five years. The researchers also observed the attackers using a DNS downloader designed for long-term, covert access to the target machine.

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

Security Affairs

The Russia-linked APT Gamaredon (also tracked as Armageddon, Primitive Bear, and ACTINIUM) used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout linked BoneSpy and PlainGnome to Gamaredon due to shared IP infrastructure, domain naming conventions, and the use of dynamic DNS services like ddns[.]net.

Security Affairs newsletter Round 221 – News of the week

Security Affairs

ViceLeaker Android spyware targets users in the Middle East. US Cyber Command warns of Iran-linked hackers exploiting the CVE-2017-11774 Outlook flaw. Godlua backdoor, the first malware that abuses DNS over HTTPS (DoH). Israel blamed Russia for jamming at Ben Gurion airport.

IT threat evolution Q3 2023

SecureList

However, they included an additional module that constantly monitored the messenger and sent data to the spyware creator's C2 server. Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string>.u.fdmpkg[.]org domain. Instead, it tried to exploit the CVE-2017-0199 vulnerability.
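The beacon described above (an A query whose leftmost label is a hex-encoded 20-byte string hanging off u.fdmpkg[.]org) and the dynamic-DNS clue used for the Gamaredon attribution earlier on this page (ddns[.]net) are both easy to check for in resolver logs. The following Python is an added example written for this page, not code from Kaspersky, Lookout or Security Affairs: the log format (`timestamp client qtype qname`), the sample lines and the dynamic-DNS suffix list are all constructed assumptions to be replaced with your own.

```python
"""Flag two DNS patterns from the excerpts on this page: A queries whose
leftmost label is a fixed-width hex blob (a 20-byte string is 40 hex chars)
under one parent domain, and queries to dynamic-DNS providers.
Added example; the log format (`ts client qtype qname`) and the sample
lines are constructed, not taken from any real product or incident."""
import re
from collections import defaultdict

HEX_LABEL = re.compile(r"^[0-9a-f]+$")

# Dynamic-DNS suffixes to flag. ddns.net is named on the page; the list
# itself is an assumption to replace with your own.
DYN_DNS_SUFFIXES = ("ddns.net",)

# Constructed sample log. "[.]" is the usual defanging; defang() removes it.
SAMPLE_LOG = """\
1696000001 10.0.0.5 A www.example.com
1696000002 10.0.0.7 A 0f1e2d3c4b5a69788796a5b4c3d2e1f001122334.u.fdmpkg[.]org
1696000003 10.0.0.7 A 0f1e2d3c4b5a69788796a5b4c3d2e1f001122335.u.fdmpkg[.]org
1696000004 10.0.0.9 A update.victim-host.ddns[.]net
1696000005 10.0.0.5 AAAA mail.example.com
1696000006 10.0.0.7 A deadbeef.cdn.example.net
"""


def defang(name):
    """Normalise a query name: undo [.] defanging, strip trailing dot, lowercase."""
    return name.replace("[.]", ".").rstrip(".").lower()


def hex_blob_label(qname, nbytes=20):
    """Return the leftmost label if it is exactly `nbytes` bytes of hex, else None."""
    first = defang(qname).split(".")[0]
    if len(first) == 2 * nbytes and HEX_LABEL.match(first):
        return first
    return None


def parent_domain(qname):
    """The name with its leftmost label removed: the suffix the beacon data hangs off."""
    return ".".join(defang(qname).split(".")[1:])


def is_dynamic_dns(qname):
    name = defang(qname)
    return any(name == s or name.endswith("." + s) for s in DYN_DNS_SUFFIXES)


def parse_line(line):
    ts, client, qtype, qname = line.split()
    return {"ts": int(ts), "client": client, "qtype": qtype.upper(), "qname": defang(qname)}


def analyze(log_text, nbytes=20, min_distinct=2):
    """Return findings. A hex-label beacon is reported per (client, parent domain)
    once at least `min_distinct` different hex labels were seen there, which
    separates a changing per-request payload from a single static hashed hostname
    (a CDN label such as deadbeef.cdn.example.net is also too short to match)."""
    labels = defaultdict(set)
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        blob = hex_blob_label(rec["qname"], nbytes) if rec["qtype"] == "A" else None
        if blob:
            labels[(rec["client"], parent_domain(rec["qname"]))].add(blob)
        if is_dynamic_dns(rec["qname"]):
            findings.append({"rule": "dynamic-dns", "client": rec["client"],
                             "domain": rec["qname"], "count": 1})
    for (client, parent), seen in labels.items():
        if len(seen) >= min_distinct:
            findings.append({"rule": "hex-label-beacon", "client": client,
                             "domain": parent, "count": len(seen)})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['rule']:17} {f['client']:10} {f['domain']} ({f['count']})")
```

On the sample log this reports one hex-label beacon for 10.0.0.7 against u.fdmpkg.org (two distinct 40-character labels) and one dynamic-DNS query from 10.0.0.9; the short `deadbeef` label and the AAAA query are not flagged. Tune `nbytes` to the encoding you expect and `min_distinct` to your tolerance for hashed CDN hostnames.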

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

2002, Internet attack: by targeting the thirteen Domain Name System (DNS) root servers, a DDoS attack assaulted the entire Internet for an hour. 2008, Heartland Payment Systems: 134 million credit cards were exposed through SQL injection used to install spyware on Heartland's data systems. billion dollars in damages.

APT trends report Q1 2021

SecureList

Further investigation of the Sunburst backdoor revealed several features that overlap with a previously identified backdoor known as Kazuar, a .NET backdoor first reported in 2017 and tentatively linked to the Turla APT group. webshells and Exaramel implants.

IT threat evolution in Q2 2023

SecureList

Tomiris called, they want their Turla malware back. We first reported Tomiris in September 2021, following our investigation into a DNS hijack against a government organization in the CIS (Commonwealth of Independent States). The attachment exploits a number of iOS vulnerabilities to execute and install spyware.
