Cyberattack

WhoisXML API Publishes a New Study of 7 APT Groups That Have Targeted North America

In the past two decades, at least 41 advanced persistent threat (APT) groups have launched attacks on entities and organizations based in North America.

Searching for Potential Propaganda Vehicle Presence in the DNS

The Citizen Lab recently uncovered an ongoing online propaganda campaign they have dubbed "PAPERWALL" that has been targeting local news outlets across 30 countries in Europe, Asia, and Latin America.

Following the VexTrio DNS Trail

VexTrio, a traffic distribution system (TDS) provider believed to be an affiliate of ClearFake and SocGholish, among other threat actors, has been active since 2017.

DarkGate RAT Comes into the DNS Spotlight

In the past, DarkGate attacks were either lumped together with or classified as BattleRoyal remote access Trojan (RAT) attacks. Recent evidence, however, showed the two malware are not one and the same.

Tracing Ivanti Zero-Day Exploitation IoCs in the DNS

Among the latest to suffer from zero-day exploitation is Ivanti, a software company providing endpoint management and remote access solutions to various organizations, including U.S. federal agencies.

The New RisePro Version in the DNS Spotlight

RisePro, a malware-as-a-service data stealer, has been plaguing users since 2022. ANY.RUN recently discovered and analyzed its latest version in great depth and identified 10 indicators of compromise (IoCs) -- three domains and seven IP addresses.

Tracking Down Sea Turtle IoCs in the DNS Ocean

The Sea Turtle threat group recently made headlines when it expanded its operations to target ISPs and telecommunications and media companies in the Netherlands. In the past, Sea Turtle primarily targeted organizations in the Middle East and the U.S. using DNS hijacking and man-in-the-middle (MitM) attacks.

Tracing the DNS Spills of the OilRig Cyber Espionage Group

The OilRig cyber espionage group that goes by many names, including APT34, Crambus, Lyceum, and Siamesekitten, launched a long-term intrusion against a Middle Eastern government agency that ran from February to September 2023.

Uncloaking the Underbelly of JinxLoader

Cybercriminals are known for using so-called "loaders" like Xloader to initiate computer infections. Worse, even newbies can now get their hands on these malware distributors via hacker forums. Case in point? JinxLoader, one of the latest malicious offerings up for grabs on the likes of hackforums[.]net.

Examining the Mirai.TBOT IoCs under the DNS Microscope

The Mirai botnet, first discovered way back in 2016, made headlines and gained infamy as the biggest botnet to hit networks the world over. It has resurfaced with multiple ways of infecting Internet of Things (IoT) devices and the ability to launch zero-day exploits.