Security Boulevard

JUNE 9, 2022

Active since 2017, Lyceum group is a state-sponsored Iranian APT group that is known for targeting Middle Eastern organizations in the energy and telecommunication sectors and mostly relying on.NET based malwares. The text of the document is copied from the following original report here: https[:]//www[.]rferl[.]org/a/iran-drone-program-threats-interests/31660048.html.

DNS 98

DNS Malware Energy and Utilities Telecommunications 98

Krebs on Security

APRIL 13, 2022

Nine of the updates pushed this week address problems Microsoft considers “critical,” meaning the flaws they fix could be abused by malware or malcontents to seize total, remote access to a Windows system without any help from the user. . “Go patch your systems before that situation changes.”. 10 being the worst).

DNS 332

DNS Internet Internet Firewall 332

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 121

Malware DNS Cryptocurrency Internet 121

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 2 – Document view inviting to enable macro. Figure 14 – previous DNS of C2.

Malware 109

Malware DNS Social Engineering Advertising 109

Krebs on Security

AUGUST 30, 2019

On August 21, multiple United Rental customers reported receiving invoice emails with booby-trapped links that led to a malware download for anyone who clicked. While phony invoices are a common malware lure, this particular campaign sent users to a page on United Rentals’ own Web site (unitedrentals.com).

Phishing 256

Phishing Marketing Accountability DNS 256

Security Affairs

JANUARY 14, 2021

Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax , against Colombian entities exclusively. ESET also documented the use of heavily obfuscated AutoIt droppers, in this attack scenario the first-stage malware performs the injection and execution of the payload. Pierluigi Paganini.

Malware 141

Malware Surveillance Phishing Government 141

Security Affairs

AUGUST 31, 2022

A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. Pierluigi Paganini.

Malware 98

Malware DNS Antivirus Encryption 98

Security Boulevard

AUGUST 6, 2024

Threat Intelligence Report Date: August 6, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Dynamic DNS (DDNS) is a service that automatically updates the Domain Name System (DNS) in real-time to reflect changes in the IP addresses of a domain.

DNS 69

DNS Malware Social Engineering Software 69

Security Affairs

JANUARY 24, 2019

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. ” reads the analysis published by Palo Alto Networks. Pierluigi Paganini.

Banking 110

Banking Malware Advertising DNS 110

Security Affairs

MARCH 22, 2019

The financially-motivated hacking group FIN7 is back and used a new piece of malware in a recent hacking campaign. Security experts at Flashpoint revealed that the financially-motivated cybercrime group FIN7 (aka Anunak and Carbanak ) used new malware in a recent hacking campaign. ” continues the analysis. Pierluigi Paganini.

Malware 109

Malware Identity Theft Cybercrime Hacking 109

Security Affairs

APRIL 24, 2019

Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. ” reads the analysis published by Talos. ” continues the experts.

Malware 97

Malware DNS Advertising Hacking 97

Security Affairs

JANUARY 19, 2019

Threat actors focused their activity in the Middle East, they used weaponized Microsoft Excel documents to compromise victims’ systems. On January 9, experts at 360’s Threat Intelligence Center (360 TIC) first observed attacks leveraging lure Excel documents written in Arabic. That macro drops 12-B-366.txt gogle [. ]

DNS 110

DNS Penetration Testing Malware Advertising 110

SecureList

OCTOBER 18, 2021

Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++. As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP.

DNS 133

DNS Telecommunications Malware Accountability 133

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware 103

Malware Phishing DNS Engineering 103

Security Boulevard

OCTOBER 2, 2023

This blog examines the escalating phishing landscape, shortcomings of common anti-phishing approaches, and why implementing a Protective DNS service as part of a layered defense provides the most effective solution. This is where Protective DNS comes in. Phishing attacks are becoming more automated.

DNS 64

DNS Phishing Social Engineering Engineering 64

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. Once a relationship has been established, the target will receive a phishing link or a document containing such a link. This backdoor is custom malware, likely developed by or for Coldriver, called Spica.

Social Engineering 122

Social Engineering Government Media DNS 122

Security Affairs

JULY 24, 2024

The China-linked APT group Daggerfly (aka Evasive Panda or Bronze Highland) has significantly updated its malware arsenal, adding a new malware family based on the MgBot framework and an updated Macma macOS backdoor. “ The APT group was spotted using the malware families in attacks against Taiwanese organizations and a U.S.

Malware 135

Malware DNS Hacking Information Security 135

Fox IT

AUGUST 11, 2022

A recently uncovered malware sample dubbed ‘Saitama’ was uncovered by security firm Malwarebytes in a weaponized document, possibly targeted towards the Jordan government. This Saitama implant uses DNS as its sole Command and Control channel and utilizes long sleep times and (sub)domain randomization to evade detection.

DNS 66

DNS Engineering Malware Encryption 66

Security Affairs

SEPTEMBER 14, 2018

“The spear-phishing email had an attached Microsoft Word document that contained a macro responsible for installing a new variant of BONDUPDATER.” The spear-phishing messages use a weaponized document with a macro responsible for downloading and executing a new variant of BondUpdater. ” continues the experts.

DNS 104

DNS Phishing Government Malware 104

Security Affairs

AUGUST 27, 2019

The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane. Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.”

DNS 107

DNS Penetration Testing Passwords Social Engineering 107

Cisco Security

MAY 12, 2022

Since the rapid escalation of the conflict in 2022, security researchers and analysts have been gathering information regarding the adversarial groups, malware, techniques, and types of attacks implemented [1, 5, 6]. Some of the groups and malware related to the conflict are described in Table 1: Threat Actor. Office Open XML Document.

Malware 134

Malware DNS DDOS Phishing 134

Security Affairs

DECEMBER 5, 2020

The backdoor uses multiple tricks to evade detection and leverages DNS over HTTPS (DoH) to communicate with its C2 server, using Cloudflare responders. Once executed the command, the malware the malicious code sends back command execution results. “On

DNS 125

DNS Phishing Encryption Antivirus 125

Cisco Security

JUNE 13, 2022

Malware,” the machine says with little explanation, followed by a horde of gibberish-looking data of network flows, executable traces, and so on. For example, the security event might involve requests to communicate with an IP address, and the analyst would say, “This IP address belongs to my DNS server, so the traffic is legitimate.”

DNS 141

DNS Engineering Authentication Malware 141

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering 106

Social Engineering Engineering DNS Accountability 106

Malwarebytes

MAY 10, 2022

The email contained a malicious Excel document that drops a new backdoor named Saitama. Excel document. The document has an image that tries to convince the victim to enable a macro. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol.

Government 145

Government DNS Telecommunications Accountability 145

SecureList

JANUARY 13, 2022

The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. A document sent from one colleague to another on a topic, which is currently being discussed, is unlikely to trigger any suspicion.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Security Affairs

APRIL 2, 2020

“The samples documented in this article spread outside of the Google Play Store and exclusively target users who sideload applications on their Droids.” ddns.net:4444, which is a dynamic DNS service that allows a user with a dynamic IP address to map it to a subdomain. SecurityAffairs – malware, Coronavirus).

Mobile 141

Mobile Advertising DNS Malware 141

Security Affairs

JANUARY 13, 2019

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint researchers discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Malware 111

Malware Financial Services DNS Retail 111

SecureList

SEPTEMBER 29, 2021

While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims. DNS hijacking. Background. In December 2020, news of the SolarWinds incident took the world by storm.

DNS 142

DNS Malware Encryption Engineering 142

Security Affairs

JULY 28, 2024

Ukraine’s cyber operation shut down the ATM services of major Russian banks A bug in Chrome Password Manager caused user credentials to disappear BIND updates fix four high-severity DoS bugs in the DNS software suite Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections Progress Software fixed (..)

Spyware 124

Spyware Data breaches Cybercrime Banking 124

Malwarebytes

JULY 19, 2021

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk , and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster approaching a terminal dip?

DNS 106

DNS VPN Retail Data breaches 106

Malwarebytes

MAY 5, 2022

The technique is really simple as it only requires an email account that sends messages to itself containing stolen credentials for each victim that executed the malware on their computer. Fast forward to 2020, and the threat actor has graduated to malware distributor. Test successful! ” from the same machine. titan.email (.pw

Malware 100

Malware Scams Phishing Accountability 100

Security Affairs

SEPTEMBER 18, 2021

The group is suspected to have been running successful malware campaigns for more than five years. The attackers have used off-the-shelf malware since the beginning of their operations and have never developed their own malware. SecurityAffairs – hacking, malware). ” concludes the experts. Pierluigi Paganini.

Malware 126

Malware Phishing DNS Cybercrime 126

Security Affairs

JUNE 18, 2020

They use DNS tunneling for stealthier C&C communications, and place execution guardrails on the malicious components to hide the malware from security researchers.” Experts also observed attackers using a DNS downloader that was designed for long-term, covert access to the target machine.

DNS 124

DNS Advertising Spyware Software 124

Security Affairs

NOVEMBER 5, 2021

Over the past months, other ransomware gangs, including Conti and Lockfile , exploited ProxyShell flaws to deliver their malware. The Tortilla group is demanding a $10,000 USD ransom in Monero to recover the encrypted documents. ” reads the analysis published by Talos. Germany, Ukraine, Finland, Brazil, Honduras and Thailand.

Ransomware 145

Ransomware Backups Encryption DNS 145

Security Affairs

FEBRUARY 12, 2024

While they can’t directly read your password, they can still download malware or gather enough information to steal your identity. DNS Spoofing DNS (Domain Name System) is like the internet’s phone book, translating domain names into IP addresses.

DNS 144

DNS VPN Encryption Passwords 144

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). According to Duo, “ OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016. Leaked Source code.

DNS 108

DNS Computers and Electronics Penetration Testing Government 108