DNS, Malware, Technology and Telecommunications

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. net” and “ett[.]hopto[.]org”

Malware

Malware Telecommunications DNS Hacking

Sunburst: connecting the dots in the DNS requests

SecureList

DECEMBER 18, 2020

For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes. In the initial phases, the Sunburst malware talks to the C&C server by sending encoded DNS requests. Low-level details.

DNS

DNS Telecommunications Malware Encryption

Lyceum group reborn

SecureList

OCTOBER 18, 2021

Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++. As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP.

DNS

DNS Telecommunications Malware Accountability

What are Common Types of Social Engineering Attacks?

eSecurity Planet

JULY 29, 2021

These types of attacks usually involve spoofed emails that attempt to impersonate a legitimate sender and convince the recipient to divulge confidential information or click a link or attachment that’s laced with malware. Any action that the user takes in response usually results in a malware launch or a similar kind of attack.

Social Engineering

Social Engineering Engineering Phishing DNS

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Ransomware

Ransomware Telecommunications DNS Hacking

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Marketing Software

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.” Security experts at Dragos Inc.

DNS

DNS Penetration Testing Passwords Social Engineering

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1388) , from group_b to group_d time frames OilRig used real Compromised User Accountsextracted by Malware (rif. Exploit Technique Over Time.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

How we protect our users against the Sunburst backdoor

SecureList

DECEMBER 23, 2020

The companies that appeared to be of special interest to the malicious actors may have been subjected to deployment of additional persistent malware. Read more about our research on Sunburst malware here. Several publicly available data sets, such as the one from John Bambenek, include DNS requests encoding the victim names.

Malware

Malware Telecommunications DNS Government

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

This update touches on the newly detected malware , attack vectors to guard against, and why the targeting of security vendors is a critical development in cybersecurity. Before jumping into the technical details regarding each new malware detected and proper safeguards, here is a brief look at the events to date: Sep 2019.

Software

Software Malware Authentication Penetration Testing

How to Stop DDoS Attacks: Prevention & Response

eSecurity Planet

SEPTEMBER 3, 2022

For example, the 2016 DDoS attack on the Dyn managed domain name service (DNS) caused the DNS service to fail to respond to legitimate DNS inquiries and effectively shut down major sites such as PayPal, Spotify, Twitter, Yelp, and many others. Also read: How to Secure DNS. Types of DDoS Attacks. Harden infrastructure.

DDOS

DDOS DNS Firewall Internet

APT34: Glimpse project

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

On December 13 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds, and trojanized SolarWinds Orion business software updates in order to distribute backdoor malware called SUNBURST. It also appeared in the recent CISA Emergency Directive 20-01.

DNS

DNS Education Malware Telecommunications

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking

Banking Telecommunications Marketing Internet

APT trends report Q1 2021

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware

Malware Spyware Government Social Engineering

Iranian Threat Actors: Preliminary Analysis

Security Affairs

JANUARY 15, 2020

Bonupdater, Helminth, Quadangent and PowRuner are some of the most sophisticated Malware attributed to OilRig and analyzed over the past few years. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.” Indeed no 0days or usage of advanced exploits is found over the target infrastructure.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Government

Cyber Security Informer

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Sunburst: connecting the dots in the DNS requests

Trending Sources

Lyceum group reborn

What are Common Types of Social Engineering Attacks?

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Canadian Police Raid ‘Orcus RAT’ Author

Lyceum APT made the headlines with attacks in Middle East

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

OilRig APT group: the evolution of attack techniques over time

How we protect our users against the Sunburst backdoor

Guarding Against Solorigate TTPs

How to Stop DDoS Attacks: Prevention & Response

APT34: Glimpse project

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

Iran-linked APT34: Analyzing the webmask project

Group-IB presents its annual report on global threats to stability in cyberspace

APT trends report Q1 2021

Iranian Threat Actors: Preliminary Analysis

Stay Connected