Cybersecurity

APT29 Goes from Targeted Attacks to Phishing via NOBELIUM: A DNS Deep Dive

APT29, believed to be an espionage group from Russia, became known for launching targeted attacks against organizations in Ukraine. But over the course of investigating the threat group, Mandiant discovered that it may have a hand in cybercriminal operations, specifically phishing, as well.

Tracing BlackNet RAT’s History through a DNS Deep Dive

BlackNet RAT, first discovered during the COVID -- 19 pandemic and being distributed via spam messages offering an effective cure for the virus, seems to have outlived the global crisis.

Phisher Abusing .com TLD?

Phishing campaigns almost always require a massive volume of domains in order to succeed. Phishers, after all, need to have readily weaponizable vectors at their disposal in case the ones they're currently employing get detected and consequently blocked.

Phishing Group Found Abusing .top Domains

Threat researcher Dancho Danchev recently discovered a phishing operation that seemed to be abusing .top domains for which he collated 89 email addresses that served as indicators of compromise (IoCs).

Fishing for QR Code Phishing Traces in the DNS

Threat actors have been seen yet again abusing a technology meant to make things easy for all of us -- QR codes -- in one of the most commonly utilized cybercriminal activities - phishing. The rise in QR code phishing isn't surprising given that according to several studies, as much as 86% of the entire global population use their mobile phones for all kinds of transactions, including financial ones.

Catching Messenger Phishing Footprints Using a DNS Net

A phishing campaign is currently targeting Facebook business accounts with password-stealing malware. The attackers have been using a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages.

Rhysida, Not Novel but Still Dangerous: DNS Revelations

Rhysida, a new ransomware currently plaguing users may not be novel, but it's proving to be just as effective. Fortra published an in-depth analysis of the malware currently holding the data of healthcare organizations primarily based in the U.S. hostage.

The Makings of ADHUBLLKA According to the DNS

It's not uncommon for cybercriminals to tweak an existing piece of malware and then call it a new creation. We've seen that happen even in malware's earliest days. It's actually happening more and more these days, especially with the rise of the malware-as-a-service (MaaS) business model.

Probing the DNS for Signs of XLoader Abuse

XLoader has been plaguing macOS users since it was first discovered in 2021. Back then, though, it only posed a threat to those who opted to install Java on their systems.

DNS Abuse and Redirection: Enough for a New JS Malware to Hide Behind?

DNS abuse combined with redirection seems to be gaining popularity as a stealth mechanism. We've just seen Decoy Dog employ the same tactic. More recently, a still-unnamed JavaScript (JS) malware has been wreaking havoc among WordPress site owners by abusing Google Public DNS to redirect victims to tech support scam sites.