DNSpionage Malware Targets Domains in Lebanon and United Arab Emirates

A new threat actor is targeting Lebanese and United Arab Emirates (UAE) government domains, as well as a Lebanese airline company, according to Warren Mercer and Paul Rascagneres at Cisco Talos. The group uses two fake job-posting websites to deliver malicious Office documents.

These documents contain a remote administration tool, dubbed “DNSpionage” by Talos, that communicates with the attackers over HTTP and DNS. The tool can also operate using DNS alone, which facilitates data exfiltration by bypassing proxies and web filtering.

The threat actor uses infrastructure and TTPs that are unrelated to any other known group. The attackers also used the same IP address to redirect the DNS of legitimate .gov sites and private company domains to attacker-controlled IP addresses. Using DNS exfiltration, the researchers identified the location of some of the victims, finding that the DNS queries originated in Lebanon and the UAE. Numerous public-sector nameservers in both countries were compromised.
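As an added illustration (not code from the Talos report, the malware, or this post), the Python sketch below scores a constructed resolver log for the DNS-exfiltration pattern described above: many unique, encoded-looking subdomains queried under one parent domain. The sample log lines, the `c2-placeholder.example` name and the thresholds are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log lines ("client qtype qname"); not real DNSpionage traffic.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 TXT 4a6f686e2e446f65.c2-placeholder.example
10.0.0.7 TXT 7365637265742d64617461.c2-placeholder.example
10.0.0.7 TXT 6d6f72652d6c6f6f74.c2-placeholder.example
10.0.0.7 TXT 66696c652d706172742d31.c2-placeholder.example
"""
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$", re.IGNORECASE)

def shannon_entropy(s):
    """Bits per character; encoded payload labels score higher than ordinary hostnames."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def registrable_domain(qname):
    """Naive parent domain (last two labels); a real deployment should use the public suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def parse_log(text):
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]

def find_suspicious_domains(records, min_unique=4, min_label_len=16, min_entropy=3.5):
    """Return {parent_domain: [reasons]} for domains whose query pattern looks like DNS exfiltration."""
    subdomains = defaultdict(set)
    reasons = defaultdict(set)
    for _client, _qtype, qname in records:
        parent = registrable_domain(qname)
        if qname == parent:
            continue  # bare parent domain, nothing to inspect
        first_label = qname[: -len(parent) - 1].split(".")[0]
        subdomains[parent].add(first_label)
        # Long hex-looking or high-entropy leftmost labels are a common way to carry encoded data.
        if len(first_label) >= min_label_len and (HEX_LABEL.match(first_label) or shannon_entropy(first_label) >= min_entropy):
            reasons[parent].add("encoded-label")
    flagged = {}
    for parent, subs in subdomains.items():
        why = set(reasons[parent])
        if len(subs) >= min_unique:  # churn of unique names under one parent suggests a data channel
            why.add("many-unique-subdomains")
        if why:
            flagged[parent] = sorted(why)
    return flagged
```

Tune the thresholds against your own baseline traffic; CDNs and some telemetry services legitimately generate many unique subdomains, so treat a hit as a lead for analyst review rather than a verdict.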

The researchers say that, while the DNS redirection was taking place, the attackers would have been able to intercept all traffic destined for the compromised hostnames. This could have allowed them to harvest email or VPN credentials, or abuse multi-factor authentication.

“It is unclear if these DNS redirection attacks were successful, but the attackers have kept up their efforts, five attacks so far this year, including one in the past two weeks,” say Mercer and Rascagneres. “Users should use these campaigns as proof that their endpoint protection as well as the network protection need to be as strong as possible. This is an advanced actor who obviously has their sights set on some important , and they don’t appear to be letting up any time soon.”

Another defensive measure that can be implemented is user awareness training. These attackers rely on social engineering to trick victims into downloading their malware. New-school security awareness training can give users the ability to recognize and avoid these attacks before falling victim to them.

Talos has the story: https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html


Find out how affordable new-school security awareness training is for your organization. Get a quote now.
