2018, DNS and Hacking - Cyber Security Informer

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide. ” concludes the report.

DNS

DNS Firewall DDOS Hacking

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Security Affairs

JANUARY 22, 2023

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Agent.eq (a.k.a

DNS

DNS Mobile Malware Hacking

Out of Band (OOB) Data Exfiltration via DNS

The State of Security

MARCH 31, 2022

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. One […]… Read More.

DNS

DNS Hacking

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

JUNE 11, 2022

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS

DNS Telecommunications Malware Phishing

Out of Band (OOB) Data Exfiltration via DNS

Security Boulevard

MARCH 31, 2022

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. One […]… Read More.

DNS

DNS Hacking

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] 15, 2018, the Royal Canadian Mounted Police (RCMP) charged then 27-year-old Bloom, of Thornhill, Ontario, with selling stolen personal identities online through the website LeakedSource[.]com.

Hacking

Hacking Accountability Data breaches Marketing

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking

Hacking Social Engineering Phishing Scams

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

” Our research shows that this actor has been targeting the aviation industry since at least 2018, with files mentioning both “Trip Itinerary Details” and “Bombardier” at the time using the URL akconsult[.]linkpc[.]net.” SecurityAffairs – hacking, malware). Pierluigi Paganini.

Malware

Malware Phishing DNS Cybercrime

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

In July 2018, email users around the world began complaining of receiving spam which began with a password the recipient used at some point in the past and threatened to release embarrassing videos of the recipient unless a bitcoin ransom was paid. 13, 2018 bomb threat hoax. based domain name registrar and hosting provider.

DNS

DNS Internet Internet Computers and Electronics

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

Hackers use hackers spreading tainted hacking tools in long-running campaign

Security Affairs

MARCH 10, 2020

Who is hacking the hackers? Experts from Cybereason a mysterious hackers group is targeting other hackers by spreading tainted hacking tools. Experts from security firm Cybereason warn of a mysterious group of hackers that are distributing trojanized hacking tools on an almost daily basis for the past years.

Hacking

Hacking Malware Advertising DNS

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

PT Monday evening, Escrow.com’s website looked radically different: Its homepage was replaced with a crude message in plain text: The profanity-laced message left behind by whoever briefly hijacked the DNS records for escrow.com. Running a reverse DNS lookup on this 111.90.149[.]49 Image: Escrow.com.

Phishing

Phishing DNS Social Engineering Accountability

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. com , an Arabic-language computer hacking forum. But he denied ever participating in illegal hacking activities.

DNS

DNS Penetration Testing Malware Hacking

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

Hackers were also quick to pounce on the disruption caused by the 2018 shutdown of the U.S. ” Hacking campaigns exploiting poor domain name security can be more subtle. That spells trouble if you’re the one that gets hacked. federal government to hijack and tamper with government domain name entries.

Hacking

Hacking Retail Cyber Insurance Authentication

BIND DNS software includes a security feature that could be abused to cause DoS condition

Security Affairs

AUGUST 9, 2018

The Internet Systems Consortium (ISC) announced the presence of a serious flaw in the BIND DNS software that can be exploited by remote attackers to cause a denial-of-service (DoS) condition. The vulnerability tracked as CVE-2018-5740 was discovered by Tony Finch of the University of Cambridge. Pierluigi Paganini.

DNS

DNS Software Advertising Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. SecurityAffairs – hacking, botnet).

DNS

DNS Cryptocurrency Internet Internet

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Ryuk first appeared in the threat landscape in August 2018 as a derivative of the Hermes 2.1 SecurityAffairs – hacking, ransomware). Pierluigi Paganini.

Healthcare

Healthcare Ransomware Cybercrime DNS

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

DECEMBER 20, 2018

In a complaint unsealed today, the Justice Department said that although FBI agents identified at least 60 different booter services operating between June and December 2018, they discovered not all were fully operational and capable of launching attacks. That way, when the DNS servers respond, they reply to the spoofed (target) address.

DNS

DNS Computers and Electronics Government Internet

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

The flaw discovered by SEC Consult Vulnerability Lab researchers has been tracked as CVE-2018-9195, the experts also published a proof-of-concept (PoC) code to trigger it. “ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Pierluigi Paganini.

Encryption

Encryption Antivirus DNS Advertising

Recent Roaming Mantis campaign hit hundreds of users worldwide

Security Affairs

APRIL 8, 2019

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Attackers used a new method of phishing with malicious mobile configurations along with previously observed DNS manipulation technique. SecurityAffairs – Roaming Mantis, hacking). Pierluigi Paganini.

DNS

DNS Mobile Phishing Malware

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

guru’s registration records also are hidden, yet passive domain name system (DNS) records for both cryptor[.]biz guru show that in 2018 the domains were forwarding incoming email to the address obelisk57@gmail.com. has been associated with the user Kerens on the Russian hacking forum Exploit from 2011 to the present day.

Malware

Malware Antivirus Cybercrime Hacking

Microsoft releases open-source tool for checking MikroTik Routers compromise

Security Affairs

MARCH 17, 2022

The attack chain against the routers starts with brute-force attacks or by exploiting the CVE-2018-14847 flaw that allows reading a file that contains passwords. SecurityAffairs – hacking, RouterOS Scanner). Microsoft has analyzed how the malware compromised MikroTik routers and developed a tool to detect signs of compromise.

Malware

Malware DNS Passwords Ransomware

Russia-linked InvisiMole APT targets state organizations of Ukraine

Security Affairs

MARCH 21, 2022

Then the backdoor contacts the command-and-control (C2) server to downloads and executes other malicious payloads, including the TunnelMole, malware that abuses the DNS protocol to establish a tunnel for malicious purposes, and RC2FM and RC2CL. SecurityAffairs – hacking, InvisiMole). ” reads the advisory published by CERT-UA.

Spyware

Spyware DNS Phishing Government

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Crackonosh has been active since at least June 2018, upon executing an illegal or cracked copy of legitimate software, the malicious code drops an installer and a script that modifies the Windows registry to allow the main malware executable to run in Safe mode. SecurityAffairs – hacking, Crackonosh). Pierluigi Paganini.

Antivirus

Antivirus Cryptocurrency Malware Software

Security Affairs newsletter Round 312

Security Affairs

MAY 2, 2021

SecurityAffairs – hacking, Mac OS zero-day). Every week the best security articles from Security Affairs free for you in your email box. Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Password Management

Password Management DNS Ransomware Malware

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

Security Affairs

JUNE 4, 2020

.” According to the Japanese security expert Masafumi Negishi, threat actors modified the primary DNS entry for the coincheck.com domain. ???????????? Coincheck uses Amazon’s managed DNS service, the attackers first registered a fake domain to the AWS server and replaced the legitimate awsdns-61.org NS ????????????

Accountability

Accountability Phishing DNS Cryptocurrency

The kingpin behind Joker’s Stash retires with a billionaire exit

Security Affairs

FEBRUARY 14, 2021

The administrators always claimed the exclusivity of their offer that is based on “self-hacked bases.”. The sized sites were at jstash.bazar, jstash.lib, jstash.emc, and jstash.coin, which are all those accessible via blockchain DNS. SecurityAffairs – hacking, Joker’s Stash). ” continues Elliptic. Pierluigi Paganini.

Cybercrime

Cybercrime Backups DNS Hacking

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

Security Affairs

SEPTEMBER 14, 2018

“In August 2018, Unit 42 observed OilRig targeting a government organization using spear-phishing emails to deliver an updated version of a Trojan known as BONDUPDATER. As expected, OilRig is continuing their onslaught of attacks well into 2018 with continued targeting in the Middle East. Pierluigi Paganini.

DNS

DNS Phishing Government Malware

xHunt hackers hit Microsoft Exchange with two news backdoors

Security Affairs

NOVEMBER 9, 2020

Experts attribute the attack to a known threat actor tracked as xHunt , aka Hive0081, which was first discovered in 2018. “The Snugy backdoor uses a DNS tunneling channel to run commands on the compromised server. SecurityAffairs – hacking, Microsoft Exchange). ” reads the analysis published by the experts.

DNS

DNS Accountability Government Cyber Attacks

Roaming Mantis SMSishing campaign now targets Europe

Security Affairs

FEBRUARY 8, 2022

Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites. Since then, the criminal group has continued its attack activities by using various malware families such as HEUR:Trojan-Dropper.AndroidOS.Wroba, and various attack methods such as phishing, mining, smishing and DNS poisoning.

Phishing

Phishing DNS Malware Hacking

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

The group was first spotted by ESET in 2018, when the experts detected a sophisticated piece of spyware, tracked as InvisiMole, used in targeted attacks in Russia and Ukraine in the previous five years. Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine.

DNS

DNS Advertising Spyware Software

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs

DECEMBER 11, 2018

The Novidade exploit kit leverages cross-site request forgery (CSRF) to change the Domain Name System (DNS) settings of SOHO routers and redirect traffic from the connected devices to the IP address under the control of the attackers. Security Affairs – Novidade exploit kit, hacking). ” continues the analysis.

DNS

DNS Advertising Firmware Banking

Security Affairs newsletter Round 176 – News of the week

Security Affairs

AUGUST 19, 2018

million) in just in 2 days. · CVE-2018-14023 – Recovering expired messages from Signal. · Linux Kernel Project rolled out security updates to fix two DoS vulnerabilities. · 2.6 billion records exposed in 2,308 disclosed data breaches in H1. · Marap modular downloader opens the doors to further attacks.

Data breaches

Data breaches DNS Advertising Hacking

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

As KrebsOnSecurity noted in 2016 , in conjunction with his RAT Rezvesz also sold and marketed a bulletproof “dynamic DNS service” that promised not to keep any records of customer activity. ” “I am not your A-typical computer geek, Brian,” he wrote in a 2018 email. “I

Advertising

Advertising Malware Marketing Software

Security Affairs newsletter Round 192 – News of the week

Security Affairs

DECEMBER 16, 2018

Expert devised a new WiFi hack that works on WPA/WPA2. Hackers defaced Linux.org with DNS hijack. New threat actor SandCat exploited recently patched CVE-2018-8611 0day. French foreign ministry announced its Travel Alert Registry Hack. Which are the worst passwords for 2018? WordPress version 5.0.1

DNS

DNS Advertising DDOS Government

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. ” The GALLIUM threat actor is active, but its activity was more intense between 2018 and mid-2019. . SecurityAffairs – GALLIUM, hacking). ” continues the analysis.

Telecommunications

Telecommunications DNS Malware Advertising

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Security Affairs

MAY 15, 2023

“Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018.” The intelligence-gathering campaign started in mid-2022 and is likely still ongoing. ” reads the analysis published by Symantec.

Encryption

Encryption DNS Phishing Malware

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud. .

Cybercrime

Cybercrime DNS Malware Advertising

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

According to Dragos, the Hexane group has been active since at least the middle of 2018, it intensified its activity since early 2019 with an escalation of tensions within the Middle East. The malware uses DNS and HTTP-based communication mechanisms. Experts pointed out that Lyceum does not use sophisticated hacking techniques.

DNS

DNS Penetration Testing Passwords Social Engineering

Phishers are Angling for Your Cloud Providers

Krebs on Security

AUGUST 30, 2019

But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. based United Rentals [ NYSE:URI ] is the world’s largest equipment rental company, with some 18,000 employees and earnings of approximately $4 billion in 2018. Stamford, Ct.-based

Phishing

Phishing Marketing Accountability DNS

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

JULY 23, 2019

Attackers also noticed that systems infected with the above two families were also targeted with the RoyalDNS malware that uses DNS to communicate with the C&C server. Once executed the command the backdoor returns output through DNS. SecurityAffairs – APT15, hacking). Pierluigi Paganini.

DNS

DNS Malware Advertising Manufacturing

FIN7 Hackers group is back with a new loader and a new RAT

Security Affairs

OCTOBER 12, 2019

FireEye Mandiant discovered that the FIN7 hacking group added new tools to its cyber arsenal, including a module to target remote administration software of ATM vendor. The messages sent to the victims were also dropping the backdoor DNSbot that primarily operates over DNS traffic. SecurityAffairs – FIN7, hacking).

Identity Theft

Identity Theft Hacking Advertising DNS

Your Work Email Address is Your Work's Email Address

Troy Hunt

JULY 21, 2021

Not only do they control the access rights to the mailbox, they also control DNS and MX records therefore they control the routing of emails. But what's not nuanced and not up for debate is whether the employer has the ability to inspect the email accounts on their domains.

Accountability

Accountability Data breaches Government InfoSec

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Trending Sources

Out of Band (OOB) Data Exfiltration via DNS

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Out of Band (OOB) Data Exfiltration via DNS

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

When Low-Tech Hacks Cause High-Impact Breaches

Threat actor has been targeting the aviation industry since at least 2018

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Hackers use hackers spreading tainted hacking tools in long-running campaign

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

French Firms Rocked by Kasbah Hacker?

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

BIND DNS software includes a security feature that could be abused to cause DoS condition

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Some Fortinet products used hardcoded keys and weak encryption for communications

Recent Roaming Mantis campaign hit hundreds of users worldwide

Why Malware Crypting Services Deserve More Scrutiny

Microsoft releases open-source tool for checking MikroTik Routers compromise

Russia-linked InvisiMole APT targets state organizations of Ukraine

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs newsletter Round 312

Hackers hijacked Coincheck ‘s domain registrar account and targeted some users

The kingpin behind Joker’s Stash retires with a billionaire exit

Iran-Linked OilRig APT group targets high-ranking office in a Middle Eastern nation

xHunt hackers hit Microsoft Exchange with two news backdoors

Roaming Mantis SMSishing campaign now targets Europe

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Novidade, a new Exploit Kit is targeting SOHO Routers

Security Affairs newsletter Round 176 – News of the week

Canadian Police Raid ‘Orcus RAT’ Author

Security Affairs newsletter Round 192 – News of the week

GALLIUM Threat Group targets global telcos, Microsoft warns

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Chinese-speaking cybercrime gang Rocke changes tactics

Lyceum APT made the headlines with attacks in Middle East

Phishers are Angling for Your Cloud Providers

China-Linked APT15 group is using a previously undocumented backdoor

FIN7 Hackers group is back with a new loader and a new RAT

Your Work Email Address is Your Work's Email Address

Stay Connected