Krebs on Security

FEBRUARY 18, 2019

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. PASSIVE DNS. The U.S.

DNS 204

DNS Internet Internet Wireless 204

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”. The emergency directive is probably related to a recently disclosed campaign of DNS hijacking attacks uncovered by FireEye.

DNS 76

DNS Telecommunications Government Risk 76

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. Security experts at FireEye uncovered a DNS hijacking campaign that is targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. SecurityAffairs – Iran, DNS hijacking).

DNS 73

DNS Telecommunications Encryption Government 73

Security Affairs

OCTOBER 20, 2021

A China-linked hacking group, tracked as LightBasin (aka UNC1945 ), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies.

Telecommunications 110

Telecommunications Architecture DNS Mobile 110

SecureList

DECEMBER 18, 2020

In the initial phases, the Sunburst malware talks to the C&C server by sending encoded DNS requests. These requests contain information about the infected computer; if the attackers deem it interesting enough, the DNS response includes a CNAME record pointing to a second level C&C server. Our colleagues from FireEye published several DNS requests that supposedly led to CNAME responses on Github: [link]. Each one of these DNS requests also has the Base32-encoded UID.

DNS 63

DNS Telecommunications Firmware Encryption 63

Security Affairs

FEBRUARY 24, 2019

“The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. ” Even if the attacks date back to 2017, in recent weeks the experts observed a spike in the malicious activities against the Internet infrastructure, threat actors are targeting the Domain Name System or DNS which are responsible for traffic rounting.

Internet 82

Internet Internet Telecommunications DNS 82

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites. Most recently, Netflix became a popular domain for DNS hijackers.”

Telecommunications 74

Telecommunications Passwords Banking Firmware 74

CyberSecurity Insiders

OCTOBER 22, 2021

Interestingly, the findings state that the threat actors, probably funded by a government, were hiding in the external DNS servers of telcos and conducting espionage through General Packet Radio Services (GPRS) networks.

Cyber Attacks 114

Cyber Attacks Cybersecurity Telecommunications DNS 114

Malwarebytes

MAY 10, 2022

The group is known to focus on the financial, governmental, energy, chemical, and telecommunication sectors. Calls the “eNotif’ function which is used to send a notification of each steps of macro execution to its server using the DNS protocol.

Government 112

Government DNS Telecommunications Accountability 112

SecureList

OCTOBER 18, 2021

As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP. This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference.

DNS 78

DNS Telecommunications Accountability Technology 78

Security Boulevard

JANUARY 12, 2022

MuddyWater (also known as TEMP.Zagros, Static Kitten, Seedworm, and Mercury) is a threat group that primarily targets telecommunications, government, oil, defense, and finance sectors in the Middle East, Europe, and North America.

Telecommunications 94

Telecommunications DNS Malware Government 94

Security Affairs

AUGUST 10, 2020

In March 2020, The Ministry of Telecommunications (MoTC) issued a directive to all operators in Myanmar with a secret list of 230 sites to be blocked due to the nature of the content; adult content and fake news. Our findings show that both Telenor and MPT block websites using DNS tampering.

Internet 87

Internet Internet Telecommunications DNS 87

Security Affairs

DECEMBER 12, 2019

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide.

Telecommunications 67

Telecommunications DNS VPN Advertising 67

CyberSecurity Insiders

MARCH 5, 2021

The enterprises need to deploy a good NTA (NDR) solution that is capable of logging important metadata from the traffic of DNS and other important L7 application protocols.

Cybersecurity 109

Cybersecurity DNS Telecommunications Insurance 109

eSecurity Planet

JULY 29, 2021

Vishing attacks are also similar to phishing and smishing, but these attacks target VoIP and telecommunications services rather than text-based mediums. In the latter approach, attackers target the website hosting server and change the DNS table so that users are redirected to a fake website.

Social Engineering 96

Social Engineering Engineering DNS Artificial Intelligence 96

Security Affairs

DECEMBER 24, 2019

The authorities want to ensure that the access to Russian Internet resources will be maintained also under attack, to do this, Russian experts are thinking a sort of DNS managed by Moscow. Russia successfully disconnected from the internet.

Internet 77

Internet Internet DNS Telecommunications 77

Krebs on Security

APRIL 2, 2019

31, 2019, Rezvesz said his company recently was the subject of an international search warrant executed jointly by the Royal Canadian Mounted Police (RCMP) and the Canadian Radio-television and Telecommunications Commission (CRTC). “In As KrebsOnSecurity noted in 2016 , in conjunction with his RAT Rezvesz also sold and marketed a bulletproof “dynamic DNS service” that promised not to keep any records of customer activity.

Telecommunications 178

Telecommunications Spyware DNS Advertising 178

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. Group-IB supported INTERPOL in its Operation Lyrebird that allowed to identify a threat actor presumably responsible for multiple attacks.

Cybercrime 94

Cybercrime Phishing Telecommunications Banking 94

Security Affairs

JANUARY 29, 2019

Early January, security experts at FireEye uncovered a DNS hijacking campaign that was targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. Israeli Prime Minister Benjamin Netanyahu accuses Iran of launching cyber-attacks on its country with a daily basis.

Cyber Attacks 68

Cyber Attacks Telecommunications DNS Advertising 68

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. According to Duo, “ OilRig delivered Trojans that use DNS tunneling for command and control in attacks since at least May 2016.

DNS 76

DNS Penetration Testing Computers and Electronics Telecommunications 76

SC Magazine

FEBRUARY 17, 2021

” Quad9 is a non-profit offering a free recursive DNS service that does not log user data. and Google Public DNS. Quad9, the privacy-focused domain resolver, announced Wednesday it would move its offices to Zurich, Switzerland to subject itself to stricter privacy laws.

DNS 81

DNS Telecommunications Surveillance Data collection 81

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work.

Banking 85

Banking Telecommunications DNS Retail 85

eSecurity Planet

JANUARY 26, 2022

Spun off from the telecommunications vendor JDS Uniphase in 2015, Viavi Solutions is a newer name, but it has four-plus decades of IT services experience.

Marketing 79

Marketing DDOS DNS Wireless 79

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. The malware uses DNS and HTTP-based communication mechanisms. “Password spraying, DNS tunneling, social engineering, and abuse of security testing frameworks are common tactics, particularly from threat groups operating in the Middle East.”

Penetration Testing 70

Penetration Testing DNS Telecommunications Passwords 70

SecureList

DECEMBER 23, 2020

Several publicly available data sets, such as the one from John Bambenek, include DNS requests encoding the victim names. Based on the CNAME records published by FireEye, we identified only two entities, a US government organization and a telecommunications company, who were tagged and “promoted” to dedicated C2s for additional exploitation. What happened. SolarWinds, a well-known IT managed services provider, has recently become a victim of a cyberattack.

Telecommunications 51

Telecommunications DNS Malware Ransomware 51

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group). They begun development by introducing crafted communication protocol over DNS and later they added, to such a layer, encoding and encryption self build protocols.

Penetration Testing 68

Penetration Testing DNS Computers and Electronics Telecommunications 68

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. In October, telecommunications firm Telenor Norway was another to fall victim. News overview.

DDOS 103

DDOS Cryptocurrency Marketing Telecommunications 103

Security Affairs

JANUARY 15, 2020

If so we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services.

Penetration Testing 75

Penetration Testing Computers and Electronics Telecommunications DNS 75

eSecurity Planet

FEBRUARY 3, 2021

The National Telecommunications and Information Administration (NTIA) offers the concept of a Software Bill of Materials (SBOM) to address this problem. Mail DNS controls.

Penetration Testing 56

Penetration Testing Software Malware Authentication 56

ForAllSecure

OCTOBER 9, 2019

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record."

Computers and Electronics 52

Computers and Electronics InfoSec Artificial Intelligence Software 52

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose.

Social Engineering 110

Social Engineering Surveillance Telecommunications Spyware 110

ForAllSecure

OCTOBER 9, 2019

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future.

Computers and Electronics 40

Computers and Electronics Artificial Intelligence InfoSec Software 40

ForAllSecure

OCTOBER 9, 2019

Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future.

Computers and Electronics 40

Computers and Electronics Artificial Intelligence InfoSec Software 40