
The SOC files: Rumble in the jungle or APT41’s new target in Africa

SecureList

This is a Chinese-speaking cyberespionage group known for targeting organizations across multiple sectors, including telecom and energy providers, educational institutions, healthcare organizations and IT energy companies in at least 42 countries. Impacket was executed on it in the context of a service account.


BlindEagle flying high in Latin America

SecureList

They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy and oil and gas companies, among others. Dynamic DNS services are utilized for resolving the addresses of servers hosting the group’s malicious artifacts.



IT threat evolution Q3 2021

SecureList

We have seen targeted attacks exploiting the vulnerability to target companies in research and development, the energy sector and other major industries, banking, the medical technology sector, as well as telecoms and IT. That library was then loaded by the legitimate MsMpEng.exe by utilizing the DLL side-loading technique.


The State of Blockchain Applications in Cybersecurity

eSecurity Planet

Among their advantages, private blockchains are more scalable and energy-efficient, with suggested use cases in banking and supply chain management. More robust security for Domain Name Systems (DNS). Utilizing the open standard Blockcerts, companies can transparently manage identities and activity on a real-time secure blockchain.


Kali Linux Penetration Testing Tutorial: Step-By-Step Process

eSecurity Planet

You may use a VPN or install utilities to capture and forward traffic to other subnets, or configure proxychains. The root account grants the highest privileges, allowing pretty much any operation while remaining undetected, which is perfect for post-exploitation. If such a shell can be opened as a privileged user (e.g.,


IT threat evolution Q3 2023

SecureList

DroxiDat, a lean variant of SystemBC that acts as a system profiler and simple SOCKS5-capable bot, was detected at an electric utility company. The C2 (command and control) infrastructure for the incident involved an energy-related domain, ‘powersupportplan[.]com’, that resolved to an already suspicious IP host.
