article thumbnail

Lyceum.NET DNS Backdoor

Security Boulevard

Key Features of this attack: The new malware is a.NET based DNS Backdoor which is a customized version of the open source tool “DIG.net”. The malware leverages a DNS attack technique called "DNS Hijacking" in which an attacker- controlled DNS server manipulates the response of DNS queries and resolve them as per their malicious requirements.

DNS 98
article thumbnail

Iran-linked Lyceum APT adds a new.NET DNS Backdoor to its arsenal

Security Affairs

Iran-linked Lyceum APT group uses a new.NET-based DNS backdoor to target organizations in the energy and telecommunication sectors. The Iran-linked Lyceum APT group, aka Hexane or Spilrin, used a new.NET-based DNS backdoor in a campaign aimed at companies in the energy and telecommunication sectors, ZScaler researchers warn.

DNS 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

SecureList

Kaspersky has been investigating the actor’s activity throughout 2022, and we observed a DNS changer function used for getting into Wi-Fi routers and undertaking DNS hijacking. At that time, the criminals compromised Wi-Fi routers for use in DNS hijacking, which is a very effective technique. Agent.eq (a.k.a

DNS 123
article thumbnail

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. “In short, B1txor20 is a Backdoor for the Linux platform, which uses DNS Tunnel technology to build C2 communication channels. In this way, Bot and C2 achieve communication with the help of DNS protocol.”

DNS 136
article thumbnail

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. PASSIVE DNS.

DNS 271
article thumbnail

What Is DNS Spoofing and How Is It Prevented?

Security Boulevard

What Is DNS Spoofing and How Is It Prevented? What Is the DNS and DNS Server? . To fully understand DNS spoofing, it’s important to understand DNS and DNS servers. The DNS “domain name system” is then what translates the domain name into the right IP address. What Is DNS Spoofing? .

DNS 98
article thumbnail

What is DNS Spoofing and Cache Poisoning?

Security Boulevard

In April 2022, hackers targeted the customers of eight Malaysian banks by urging them to download malicious apps. The post What is DNS Spoofing and Cache Poisoning? The post What is DNS Spoofing and Cache Poisoning? The apps stole user credentials and forwarded the messages to the malware operators. appeared first on EasyDMARC.

DNS 70