Cybersecurity

Sponsored
by

Cybersecurity / Industry Updates

Tracking Down Sea Turtle IoCs in the DNS Ocean

The Sea Turtle threat group recently made headlines when it expanded its operations to target ISPs and telecommunications and media companies in the Netherlands. In the past, Sea Turtle primarily targeted organizations in the Middle East and the U.S. using DNS hijacking and man-in-the-middle (MitM) attacks.

Tracing the DNS Spills of the OilRig Cyber Espionage Group

The OilRig cyber espionage group that goes by many names, including APT34, Crambus, Lyceum, and Siamesekitten, launched a long-term intrusion against a Middle Eastern government agency that ran from February to September 2023.

Uncloaking the Underbelly of JinxLoader

Cybercriminals are known for using so-called "loaders" like Xloader to initiate computer infections. Worse, even newbies can now get their hands on these malware distributors via hacker forums. Case in point? JinxLoader, one of the latest malicious offerings up for grabs on the likes of hackforums[.]net.

Examining the Mirai.TBOT IoCs under the DNS Microscope

The Mirai botnet, first discovered way back in 2016, made headlines and gained infamy as the biggest botnet to hit networks the world over. It has resurfaced with multiple ways of infecting Internet of Things (IoT) devices and the ability to launch zero-day exploits.

A Deep Dive into 6 APT Groups Based in or Targeting APAC

Advanced persistent threat (APT) groups are more dangerous than your run-of-the-mill cybercriminals. They, after all, trail their sights not only on financial gain but loftier targets such as wreaking havoc on entire nations.

WhoisXML API Launches New and Improved Website Categorization Products

WhoisXML API is thrilled to introduce a new version of Website Categorization API and Website Categorization Database. The product line now offers an enhanced website categorization model with additional context and is powered by advanced artificial intelligence (AI) algorithms, offering overall better stability and accuracy.

Exploring Epsilon Stealer Traces Aided by DNS Intel

Computers that get infected with the Epsilon stealer could spell game over for serious gamers, but they are not the only ones at risk. The creators of games like EPSILON, Pokemon, and Roblox that the malware operators are mimicking stand to lose a lot as well. They may lose customers and damage their reputation in the process.

A Peek at the PikaBot Infrastructure

It is not uncommon these days for threat actors to use malicious search ads to distribute malware. To do that, though, they would need to know how to bypass Google's security measures by setting up decoy infrastructures.

Investigating the UNC2975 Malvertising Campaign Infrastructure

Mandiant's Managed Defense Threat Hunting Team recently published an in-depth study of the malware distributed via what they have dubbed the "UNC2975 malvertising campaign." Users who have been tricked into clicking poisoned sponsored search engine results and social media posts ended up with computers infected with either the DANABOT or DARKGATE backdoor.

Unveiling Global Domain Activity Trends in Q4 2023

The new domain name registration volume rose 10.24% from the third to the fourth quarter of 2023. WhoisXML API researchers uncovered this finding, along with other DNS trends, after analyzing more than 31 million newly registered domains (NRDs) added from 1 October to 31 December 2023 as seen in the Newly Registered Domains Data Feed.