Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Industry Updates

RedHotel Attack Infrastructure: A DNS Deep Dive

We began our analysis by subjecting the domains identified as IoCs to Threat Intelligence Platform (TIP) lookups. Those allowed us to uncover these WHOIS record findings.

Finding WyrmSpy and DragonEgg Ties to APT41 in the DNS

APT41, also known as "Winnti," "BARIUM," or "Double Dragon," is an APT group said to originate from China. Having been active since 2012, APT41 rose to infamy by successfully launching targeted cyber espionage attacks on government agencies and private companies worldwide.

DNS Insights behind the JumpCloud Supply Chain Attack

Even solutions meant to enhance security can sometimes fall prey to the best cyber attackers. That's what happened to JumpCloud, a cloud-based directory service platform designed to centralize and simplify identity access management (IAM).

Signs of MuddyWater Developments Found in the DNS

Cyber espionage group MuddyWater's or Mercury's first major campaign was seen as early as 2012. But as things always go in the cybersecurity realm, threat groups, especially those that gain infamy, don't necessarily just come and go.

AI Tool Popularity: An Opportunity for Launching Malicious Campaigns?

The latest fraud data Sift published in "Q2 2023 Digital Trust & Safety Index" revealed that 78% of users are concerned that fraudsters could exploit AI tools to victimize them.

DNS Revelations on Eevilcorp

Phishing, despite its age and infamy, remains one of the top threats to corporate and personal networks alike. And it's not hard to see why -- it continues to be effective. In fact, more than a third of all data breaches today involve phishing.

WhiteSnake Stealer Serpentines through the DNS

It's not unusual for data stealers to target several browsers simultaneously. Zooming in on multiple platforms at once, including email clients, gaming portals, chat apps, crypto wallets, and even VPN-protected services, however, is quite novel.

A DNS Deep Dive Into Malware Crypting

Each time organizations shore up their network defenses, cybercriminals devise new and innovative ways to up the cyber attack ante. That's actually the rationale behind malware crypting - the process of making malicious programs, apps, and files appear harmless to anti-malware and intrusion detection solutions.

BlackCat Hacks Reddit Again, Take a Look at What the DNS Revealed

The first time the BlackCat ransomware gang breached Reddit's network last February, they phished an employee to hack into the target network. This time, according to a ReversingLabs detailed report, they successfully dropped BlackCat onto the company's systems and threatened to release its data if it fails to pay the ransom.

MOVEit Bug-CLOP Ransomware Threat Vector Identification Aided by DNS Intelligence

The beginning of the month of June, according to CleanINTERNET, marked the emergence of several zero-day attacks targeting vulnerable MOVEit servers to exfiltrate confidential data. MOVEit Transfer is a managed file transfer software that supports file and data exchange.