DNSpionage campaign releases new Karkoff malware into the wild

[silversurfer]

The hacking group behind the DNSpionage campaign have become more choosy in their targets and have released a new form of malware to further their goals.
 
DNSpionage, first discovered in late 2018 by Cisco Talos, utilizes fake websites and specializes in DNS tampering to redirect traffic from legitimate domains to malicious ones. The threat actors also make use of free Let's Encrypt security certificates for redirected domains.
 
Past attacks have been detected against private Lebanese targets including an airline, alongside government domains used by Lebanon and the United Arab Emirates (UAE).
 
The group has now created a new remote administration tool that supports HTTP and DNS communication with their command-and-control (C2) server, according to a new Talos blog post published on Tuesday.

Since the original report, DNSpionage has now revamped its attack methods with a new reconnaissance stage in order to avoid detection by researchers and to create a "fingerprint" for victim systems.

SOURCE: https://www.zdnet.com/article/dnspionage...-the-wild/