Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    DNSpionage Malware Targets Domains in Lebanon and United Arab Emirates

    DNSpionage. Image

    A new threat actor is targeting Lebanon and United Arab Emirates (UAE) government domains, as well as a Lebanese airline company, according to Warren Mercer and Paul Rascagneres at Cisco Talos. This group is using two fake job posting websites to deliver malicious Microsoft Office documents.

    These documents contain a remote administration tool, dubbed “DNSpionage” by Talos, that communicates with the attackers via HTTP and DNS. The malware can also operate using only DNS, facilitating data exfiltration by avoiding proxies and web filtering.

    The threat actor uses infrastructure and TTPs that are unrelated to any other group or campaign. The attackers used the same IP in another campaign to redirect the DNS of legitimate .gov sites and private company domains to attacker-controlled IP addresses. The researchers used DNS exfiltration to identify the location of some of the victims, finding that the DNS queries originated in Lebanon and the UAE. Numerous public sector nameservers in both countries were compromised.

    The researchers say that, while the DNS redirection was taking place, the attackers would have been able to intercept all traffic destined for the compromised hostnames. This could have allowed them to harvest email or VPN credentials, or abuse multi-factor authentication.

    “It is unclear if these DNS redirection attacks were successful, but the attackers have kept up their efforts, launching five attacks so far this year, including one in the past two weeks,” say Mercer and Rascagneres. “Users should use these campaigns as proof that their endpoint protection as well as the network protection need to be as strong as possible. This is an advanced actor who obviously has their sights set on some important targets, and they don’t appear to be letting up any time soon.”

    Another defensive measure that can be implemented is user awareness training. These attackers use social engineering to trick victims into downloading their malware. new-school security awareness training can give employees the ability to recognize and avoid these attacks before falling victim to them.

    Talos has the story: https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Malware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews