#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

DNSpionage | Breaking Cybersecurity News | The Hacker News

Category — DNSpionage
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

Jan 06, 2024 Cyber Espionage / Supply Chain Attack
Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as  Sea Turtle . "The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group used to collect politically motivated information such as personal information on minority groups and potential political dissents," Dutch security firm Hunt & Hackett  said  in a Friday analysis. "The stolen information is likely to be exploited for surveillance or intelligence gathering on specific groups and or individuals." Sea Turtle, also known by the names Cosmic Wolf, Marbled Dust (formerly Silicon), Teal Kurma, and UNC1326, was  first documented  by Cisco Talos in April 2019, detailing  state-sponsored attacks  targeting public and private entities in the Middle E
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy

'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy

Apr 24, 2019
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims' computers with DNSpionage —a custom remote administrative tool that uses HTTP and DNS communication to communicate with the attacker-controlled command and control server. According to a new report published by Cisco's Talos threat research team, the group has adopted some new tactics, techniques and procedures to improve the efficacy of their operations, making their cyber attacks more targeted, organised and sophisticated in nature. Unlike previous campaigns, attackers have now started performing reconnaissance on its victims before infecting them with a new piece of malware, dubbed Karkoff , allowing them to selectively choose which t
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
Expert Insights / Articles Videos
Cybersecurity Resources