DNS, Hacking, Technology and Telecommunications

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers.

Ransomware

Ransomware Telecommunications DNS Hacking

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. A superficial analysis of the document content might conclude that this document was intended for individuals working with industrial control systems (ICS) or operational technology (OT).” Security experts at Dragos Inc.

DNS

DNS Penetration Testing Passwords Social Engineering

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

As first detailed by KrebsOnSecurity in July 2016 , Orcus is the brainchild of John “Armada” Rezvesz , a Toronto resident who until recently maintained and sold the RAT under the company name Orcus Technologies. In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Marketing Software

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. SecurityAffairs – hacking, Operation Lyrebird). ” said Dmitry Volkov Group-IB CTO and Head of Threat Hunting Intelligence. Original post at [link]. Pierluigi Paganini.

Cybercrime

Cybercrime Phishing Banking Telecommunications

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group).

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

FEBRUARY 24, 2019

. “The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. “They are going after the internet infrastructure itself,” ICANN chief technology officer David Conrad told AFP. Pierluigi Paganini.

Internet

Internet Internet DNS Telecommunications

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. When it comes to what can you do today?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

APT34: Glimpse project

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. When it comes to what can you do today?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. When it comes to what can you do today?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

One of the trends related to the active confrontation between attackers has been hacking back, i.e. when attackers become the victims of hacking. The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Pierluigi Paganini.

Banking

Banking Telecommunications Marketing Internet

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

We found the affected domains span across different types of organizations (including information technology, public administration, education, and finance and insurance etc.) Data ingestion through DNS logs are also helpful, but it might not capture the signals if the attacker utilizes public DNS such as Google DNS (8.8.8.8)

DNS

DNS Education Malware Telecommunications

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

SaveBreach reported SolarWinds was “using [an] unencrypted plain FTP server for their Downloads server in the age of global CDN technologies.” The National Telecommunications and Information Administration (NTIA) offers the concept of a Software Bill of Materials (SBOM) to address this problem. Mail DNS controls.

Software

Software Malware Authentication Penetration Testing

Iranian Threat Actors: Preliminary Analysis

Security Affairs

JANUARY 15, 2020

If so we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.” Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Government

APT trends report Q1 2021

SecureList

APRIL 27, 2021

It was first publicly documented in 2014, in the aftermath of the Gamma Group hacking incident. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Malware

Malware Spyware Government Social Engineering

Cyber Security Informer

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Trending Sources

Lyceum APT made the headlines with attacks in Middle East

Canadian Police Raid ‘Orcus RAT’ Author

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

OilRig APT group: the evolution of attack techniques over time

ICANN warns of large-scale attacks on Internet infrastructure

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

APT34: Glimpse project

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Group-IB presents its annual report on global threats to stability in cyberspace

Iran-linked APT34: Analyzing the webmask project

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

Guarding Against Solorigate TTPs

Iranian Threat Actors: Preliminary Analysis

APT trends report Q1 2021

Stay Connected