Industry

On the DNS Trail of the Rise of macOS Backdoors

macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023. In February 2024, Bitdefender uncovered RustDoor, which was written in Rust and possibly has ties to the operators of a Windows ransomware. more

Checking Out the DNS for More Signs of ResumeLooters

Group-IB uncovered ResumeLooters, a threat actor group specializing in victimizing job hunters to steal their personally identifiable information (PII). more

WhoisXML API Publishes a New Study of 7 APT Groups That Have Targeted North America

In the past two decades, at least 41 advanced persistent threat (APT) groups have launched attacks on entities and organizations based in North America. more

Searching for Potential Propaganda Vehicle Presence in the DNS

The Citizen Lab recently uncovered an ongoing online propaganda campaign they have dubbed "PAPERWALL" that has been targeting local news outlets across 30 countries in Europe, Asia, and Latin America. more

Navigating Change and Unlocking Value: The Strategic Journey of Jack Hazan and IPv4.Global

The passage provided features an interview with Chad Silverstein and Jack Hazan, who is the Executive Vice President at Hilco Streambank. Hazan oversees the operations of Hilco’s IPv4.Global business division. more

Following the VexTrio DNS Trail

VexTrio, a traffic distribution system (TDS) provider believed to be an affiliate of ClearFake and SocGholish, among other threat actors, has been active since 2017. more

DarkGate RAT Comes into the DNS Spotlight

In the past, DarkGate attacks were either lumped together with or classified as BattleRoyal remote access Trojan (RAT) attacks. Recent evidence, however, showed the two malware are not one and the same. more

Tracing Ivanti Zero-Day Exploitation IoCs in the DNS

Among the latest to suffer from zero-day exploitation is Ivanti, a software company providing endpoint management and remote access solutions to various organizations, including U.S. federal agencies. more

DNS Investigation: Is xDedic Truly Done for After Its Takedown?

Law enforcement agencies shut down xDedic, a cybercrime-as-a-service (CaaS) marketplace specifically providing web servers to cybercriminals, back in 2019. However, WhoisXML API threat researcher Dancho Danchev posits that parts of its backend infrastructure may remain traceable. more

DNS Deep Diving into Pig Butchering Scams

New kids on the cybercrime block, pig butchering scams, have been making waves lately, and it is not surprising why. Scammers have been earning tons from them by being able to trick users into investing in seemingly legitimate business ventures but losing their hard-earned cash instead. more

IPv4 Addresses: Dormant Assets or Untapped Digital Gold?

In the digital age, where every device, from smartphones to fridges, connects to the Internet, the topic of IP addresses becomes increasingly relevant. An IP address, a unique identifier for devices on the Internet, has seen its fair share of evolution from IPv4 to IPv6. Yet, the question lingers: Are unused IPv4 addresses a hidden treasure? more

The New RisePro Version in the DNS Spotlight

RisePro, a malware-as-a-service data stealer, has been plaguing users since 2022. ANY.RUN recently discovered and analyzed its latest version in great depth and identified 10 indicators of compromise (IoCs) -- three domains and seven IP addresses. more