Krebs on Security

SEPTEMBER 1, 2023

is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. for Germany — which has a far larger market share of domain name registrations than.US — have very low levels of abuse, including phishing and malware,” Marks told KrebsOnSecurity.

Phishing 225

Phishing Telecommunications Government DNS 225

SecureList

OCTOBER 18, 2021

Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++. As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP.

DNS 92

DNS Telecommunications Malware Accountability 92

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications 66

Telecommunications DNS Malware Advertising 66

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” reads a blog post published by Avast.

DNS 72

DNS Passwords Advertising Banking 72

Malwarebytes

MAY 10, 2022

The group is known to focus on the financial, governmental, energy, chemical, and telecommunication sectors. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol. If the performed DNS request fails, the next stage is SLEEP.

Government 142

Government DNS Telecommunications Accountability 142

Security Boulevard

JANUARY 12, 2022

MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, oil, defense, and finance sectors in the Middle East, Europe, and North America. Picus Threat Library consists of 71 threats of the MuddyWater threat group, including the following malware: .

Telecommunications 115

Telecommunications DNS Malware Government 115

Security Affairs

NOVEMBER 11, 2022

In April, Sandworm targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers.

Ransomware 84

Ransomware Telecommunications DNS Hacking 84

eSecurity Planet

JULY 29, 2021

These types of attacks usually involve spoofed emails that attempt to impersonate a legitimate sender and convince the recipient to divulge confidential information or click a link or attachment that’s laced with malware. Any action that the user takes in response usually results in a malware launch or a similar kind of attack.

Social Engineering 128

Social Engineering Engineering Phishing DNS 128

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.” Security experts at Dragos Inc.

DNS 81

DNS Penetration Testing Passwords Social Engineering 81

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering. Original post at: [link].

Internet 74

Internet Internet Telecommunications DNS 74

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. In an “official press release” posted to pastebin.com on Mar.

Advertising 215

Advertising Malware Marketing Software 215

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime 95

Cybercrime Phishing Banking Telecommunications 95

SecureList

JUNE 2, 2022

It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. Leaving the mystery of the delivery method aside for now, let’s look at the capabilities of the malware itself.

Malware 113

Malware Encryption Social Engineering Telecommunications 113

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1388) , from group_b to group_d time frames OilRig used real Compromised User Accountsextracted by Malware (rif. Exploit Technique Over Time.

Computers and Electronics 80

Computers and Electronics Penetration Testing DNS Phishing 80

SecureList

DECEMBER 23, 2020

The companies that appeared to be of special interest to the malicious actors may have been subjected to deployment of additional persistent malware. Read more about our research on Sunburst malware here. Several publicly available data sets, such as the one from John Bambenek, include DNS requests encoding the victim names.

Malware 57

Malware Telecommunications DNS Government 57

eSecurity Planet

SEPTEMBER 3, 2022

For example, the 2016 DDoS attack on the Dyn managed domain name service (DNS) caused the DNS service to fail to respond to legitimate DNS inquiries and effectively shut down major sites such as PayPal, Spotify, Twitter, Yelp, and many others. Also read: How to Secure DNS. Types of DDoS Attacks. Harden infrastructure.

DDOS 144

DDOS DNS Firewall Internet 144

eSecurity Planet

FEBRUARY 3, 2021

This update touches on the newly detected malware , attack vectors to guard against, and why the targeting of security vendors is a critical development in cybersecurity. Before jumping into the technical details regarding each new malware detected and proper safeguards, here is a brief look at the events to date: Sep 2019.

Software 62

Software Malware Authentication Penetration Testing 62

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 85

DNS Computers and Electronics Penetration Testing Government 85

CyberSecurity Insiders

MARCH 5, 2021

On December 13 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds, and trojanized SolarWinds Orion business software updates in order to distribute backdoor malware called SUNBURST. It also appeared in the recent CISA Emergency Directive 20-01.

DNS 138

DNS Education Malware Telecommunications 138

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 76

DNS Computers and Electronics Penetration Testing Government 76

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking 84

Banking Telecommunications Marketing Internet 84

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware 139

Malware Spyware Government Social Engineering 139

Security Affairs

JANUARY 15, 2020

Bonupdater, Helminth, Quadangent and PowRuner are some of the most sophisticated Malware attributed to OilRig and analyzed over the past few years. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.” Indeed no 0days or usage of advanced exploits is found over the target infrastructure.

Computers and Electronics 77

Computers and Electronics Penetration Testing Malware Government 77

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. In October, telecommunications firm Telenor Norway was another to fall victim. Extortionists’ activity regularly made the news throughout 2020.

DDOS 129

DDOS Cryptocurrency Marketing Internet 129