Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS 109

DNS Telecommunications Government Encryption 109

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS 111

DNS Government Telecommunications Advertising 111

Heimadal Security

JANUARY 10, 2024

DNS hijacking and traffic redirection that leads to man-in-the-middle attacks are among their cyber espionage techniques. Their goal is to collect economic and political intelligence […] The post Sea Turtle Hackers Spy on Dutch ISPs and Telecommunication Companies appeared first on Heimdal Security Blog.

Telecommunications 94

Telecommunications DNS Media Internet 94

Security Boulevard

SEPTEMBER 15, 2022

Last month, a large Canadian telecommunications provider suffered a catastrophic outage for more than 18 hours. The post Why You Need a Secondary DNS appeared first on Security Boulevard. Many Canadians found themselves disconnected when cellular networks and the internet failed to respond—at home or at work.

DNS 93

DNS Telecommunications Internet Internet 93

Security Boulevard

JUNE 9, 2022

Active since 2017, Lyceum group is a state-sponsored Iranian APT group that is known for targeting Middle Eastern organizations in the energy and telecommunication sectors and mostly relying on.NET based malwares. The threat actor then leverages the AutoClose() function to drop the DNS backdoor onto the system. Lyceum.NET DNS backdoor.

DNS 98

DNS Energy and Utilities Malware Telecommunications 98

Krebs on Security

SEPTEMBER 1, 2023

is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. ” “We stand against DNS abuse in any form and maintain multiple systems and protocols to protect all the TLDs we operate,” the statement continued. US phishing domains.US Department of Commerce.

Phishing 326

Phishing Telecommunications Government DNS 326

Krebs on Security

OCTOBER 31, 2023

is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. “We’re always looking at the end malware or phishing page, but what we’re finding here is that there’s this middle layer of DNS threat actors persisting for years without notice.”

Phishing 346

Phishing Telecommunications Malware Scams 346

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. CrowdStrike researchers reported that at least 13 telecommunication companies were compromised by since 2019.

Telecommunications 136

Telecommunications Mobile Hacking Architecture 136

SecureList

DECEMBER 18, 2020

In the initial phases, the Sunburst malware talks to the C&C server by sending encoded DNS requests. These requests contain information about the infected computer; if the attackers deem it interesting enough, the DNS response includes a CNAME record pointing to a second level C&C server. Low-level details. avsvmcloud[.]com”

DNS 76

DNS Telecommunications Malware Encryption 76

Security Affairs

SEPTEMBER 26, 2024

In August, Volexity researchers reported that a China-linked APT group, tracked as StormBamboo (aka Evasive Panda , Daggerfly , and StormCloud), successfully compromised an undisclosed internet service provider (ISP) in order to poison DNS responses for target organizations. The company linked the attacks to StormBamboo APT group.

Internet 128

Internet Internet DNS Telecommunications 128

Security Affairs

FEBRUARY 24, 2019

“The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

Internet 111

Internet Internet DNS Telecommunications 111

CyberSecurity Insiders

OCTOBER 22, 2021

Interestingly, the findings state that the threat actors, probably funded by a government, were hiding in the external DNS servers of telcos and conducting espionage through General Packet Radio Services (GPRS) networks. The post What is Telecom LightBasin Cyber Attack appeared first on Cybersecurity Insiders.

Cyber Attacks 139

Cyber Attacks Telecommunications DNS Government 139

SecureList

OCTOBER 18, 2021

As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP. Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++.

DNS 132

DNS Telecommunications Malware Accountability 132

Security Affairs

SEPTEMBER 23, 2024

Earth Baxia primarily targeted government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand. The EAGLEDOOR backdoor can communicate with C2 via DNS, HTTP, TCP, and Telegram.

DNS 139

DNS Government Phishing Telecommunications 139

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. Additionally, it can interact with other devices on the LAN and transfer data or deploy new agents.

Malware 130

Malware DNS Authentication Telecommunications 130

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS 105

DNS Passwords Advertising Banking 105

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware 104

Malware Telecommunications DNS Hacking 104

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. ” reads the warning published by Microsoft.

Telecommunications 97

Telecommunications DNS Malware Advertising 97

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 107

DNS Computers and Electronics Penetration Testing Government 107

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering. Original post at: [link].

Internet 111

Internet Internet Telecommunications DNS 111

Malwarebytes

MAY 10, 2022

The group is known to focus on the financial, governmental, energy, chemical, and telecommunication sectors. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol. If the performed DNS request fails, the next stage is SLEEP.

Government 145

Government DNS Telecommunications Accountability 145

CyberSecurity Insiders

APRIL 12, 2023

The report stems from a detailed analysis of attacks targeting StormWall’s clientele, which spans various sectors such as finance, e-commerce, telecommunications, entertainment, transportation, education, and logistics. Telecommunications continued to be a popular target, enduring 16% of attacks and a 47% YoY increase.

DDOS 129

DDOS Telecommunications Data breaches DNS 129

CyberSecurity Insiders

MARCH 5, 2021

According to CRN news , SolarWinds stated that its customers included 425 of the US Fortune 500, the top ten US telecommunications companies, the top five US accounting firms, all branches of the US Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide. Infected Domains Analysis.

DNS 138

DNS Malware Education Telecommunications 138

Security Affairs

JANUARY 7, 2024

Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns. The group targets government entities, Kurdish (political) groups like PKK, telecommunication, ISPs, IT-service providers (including security companies), NGO, and Media & Entertainment sectors; Over the years, the group enhanced its evasion capabilities.

Accountability 139

Accountability Media Telecommunications Government 139

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS 111

DNS Computers and Electronics Penetration Testing Government 111

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

Cybercrime 118

Cybercrime Telecommunications DNS Technology 118

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. The malware uses DNS and HTTP-based communication mechanisms. The activity of the Lyceum APT group was first documents earlier of August by researchers at ICS security firm Dragos that tracked it as Hexane.

DNS 107

DNS Penetration Testing Passwords Social Engineering 107

Security Affairs

JANUARY 29, 2019

Early January, security experts at FireEye uncovered a DNS hijacking campaign that was targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe.

Cyber Attacks 100

Cyber Attacks Telecommunications DNS Advertising 100

Security Affairs

DECEMBER 24, 2019

The authorities want to ensure that the access to Russian Internet resources will be maintained also under attack, to do this, Russian experts are thinking a sort of DNS managed by Moscow. Currently, among the 12 organizations that oversee DNS base servers worldwide there isn’t an entity in Russia.

Internet 98

Internet Internet DNS Surveillance 98

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking 123

Banking Telecommunications Marketing Phishing 123

eSecurity Planet

JULY 29, 2021

Vishing attacks are also similar to phishing and smishing, but these attacks target VoIP and telecommunications services rather than text-based mediums. Usually this is accomplished either by deploying malware that changes the target computer’s host files, or by using a technique known as DNS cache poisoning.

Social Engineering 128

Social Engineering Engineering Phishing DNS 128

Security Boulevard

JANUARY 12, 2022

MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, oil, defense, and finance sectors in the Middle East, Europe, and North America. MITRE ATT&CK T1572 Protocol Tunneling. MuddyWater APT Group Attacks in Picus Threat Library.

Telecommunications 115

Telecommunications DNS Malware Government 115

Security Affairs

JANUARY 13, 2023

The C2 infrastructure used by the group was primarily hosted on the Bulgarian telecommunications company Neterra. Experts observed threat actors also using No-IP Dynamic DNS services. GitHub removed the accounts after SentinelOne reported the abuse to the company. The current C2 server is zig35m48zur14nel40[.]myftp.org

DDOS 98

DDOS Telecommunications DNS Cybercrime 98

Security Affairs

NOVEMBER 11, 2022

The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers. From August 2022, Recorded Future researchers observed a rise in command and control (C2) infrastructure used by Sandworm (tracked by Ukraine’s CERT-UA as UAC-0113).

Ransomware 98

Ransomware Telecommunications DNS Hacking 98

SC Magazine

FEBRUARY 17, 2021

.” Quad9 is a non-profit offering a free recursive DNS service that does not log user data. and Google Public DNS. The company received a finding of law from the Swiss government that it will not be treated as a telecommunications provider, exempting it from laws that would mandate data collection. are wary of U.S.

DNS 96

DNS Telecommunications Surveillance Data collection 96

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group).

Computers and Electronics 104

Computers and Electronics Penetration Testing DNS Phishing 104

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB.

Cybercrime 104

Cybercrime Phishing Banking Telecommunications 104