Penetration Testing

JUNE 9, 2025

Key tactics included: Obfuscation using ScatterBrain and ScatterBee Use of DLL hijacking DNS-over-HTTPS (DoH) for C2 communication Exploitation of vulnerable enterprise infrastructure (e.g., These implants exfiltrated sensitive files such as certificates and cryptocurrency keys via a custom PowerShell exfiltration script.

Penetration Testing 90

Penetration Testing Advertising Cybersecurity DNS 90

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn.

Cryptocurrency 141

Cryptocurrency Cybercrime DNS Malware 141

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. GuptiMiner connects directly to malicious DNS servers, bypassing the DNS network entirely. The final payload distributed by GuptiMiner was also XMRig.

Antivirus 130

Antivirus Malware DNS Cryptocurrency 130

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware 68

Spyware Data breaches DNS Artificial Intelligence 68

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Malware 118

Malware DNS Cryptocurrency Internet 118

Security Affairs

SEPTEMBER 21, 2019

US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. The DNS redirection was discovered in a few hours, but it was enough for the hackers to steal more than $800,000 from the accounts of the EtherDelta users.

Hacking 104

Hacking DNS Cryptocurrency Accountability 104

Security Affairs

JANUARY 13, 2019

The threat actors use the.bit Top-Level Domain (TLD) for the Domain Name System (DNS) servers. bit” C&C domains was added to protect the C2 infrastructure, this TLD is associated with the cryptocurrency Namecoin and requires special DNS servers that the malware uses (dedsolutions[.]bit, SecurityAffairs – TA505, cybercrime).

Malware 111

Malware Financial Services DNS Retail 111

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 100

Cryptocurrency Data breaches DNS DDOS 100

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS 110

DNS Antivirus Cryptocurrency Software 110

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS 145

DDOS Cryptocurrency Marketing Internet 145

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). Malware actor publishes the address of the Bot-A in DNS (or using any other public channel). Another malware Bot-B resolves the address of Bot-A using DNS (or using any other public channel). Security Affairs – cybercrime, Ramnit botnet).

Malware 73

Malware DNS Encryption Banking 73

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency. Lapsus$ group hacks Okta.

Phishing 132

Phishing Spyware Firmware Malware 132

CyberSecurity Insiders

JANUARY 25, 2022

While nearly 1,200 domains registered in 2021 included Omicron as a keyword, 832 were registered (70%) in a two-week timeframe between November 26 and December 9, with numerous domains causing traffic misdirection and redirection, soliciting donations, or promoting cryptocurrency investments.

Artificial Intelligence 52

Artificial Intelligence Phishing Technology DNS 52

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 98

Malware Spyware Government Cryptocurrency 98

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. The bug was named TsuNAME.

DDOS 144

DDOS DNS IoT Marketing 144

SecureList

FEBRUARY 10, 2022

In some cases, DNS amplification was also used. The botnet can also install proxy servers on infected devices, mine cryptocurrency and conduct DDoS attacks. In addition, the size of the DDoS market is inversely proportional to that of the cryptocurrency market, which we’ve written about several times. fold increase.

DDOS 143

DDOS Cryptocurrency Marketing Accountability 143

SecureList

APRIL 27, 2022

This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. In July 2021, we reported the previously unknown Tomiris Golang backdoor , deployed against government organizations within a CIS country through DNS hijacking.

Malware 145

Malware Firmware Government Phishing 145

Security Affairs

APRIL 6, 2025

CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog Russia-linked Gamaredon targets Ukraine with Remcos RAT CoffeeLoader uses a GPU-based packer to evade detection Morphing Meerkat phishing kits exploit DNS MX records CISA warns of RESURGE malware exploiting Ivanti flaw Sams Club Investigates Alleged Cl0p Ransomware (..)

DNS 63

DNS Malware Hacking Data breaches 63