20 Apr, 2026

Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins

An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28, also tracked as Fancy Bear, Sofacy, Forest Blizzard, Strontium, Storm-2754, and Sednit, has been linked to Russia’s General Staff Main […]


‘PlushDaemon’ hackers hijack software updates in supply-chain attacks

A China-linked threat actor tracked as ‘PlushDaemon’ is hijacking software update traffic using a new implant called EdgeStepper in cyberespionage operations. Since 2018, PlushDaemon hackers have targeted individuals and organizations in the United States, China, Taiwan, Hong Kong, South Korea, and New Zealand with custom malware, such as the SlowStepper backdoor. PlushDaemon has compromised electronics manufacturers, universities, […]


Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains

A threat actor tracked as ‘Hazy Hawk’ is hijacking forgotten DNS CNAME records pointing to abandoned cloud services, taking over trusted subdomains of governments, universities, and Fortune 500 companies to distribute scams, fake apps, and malicious ads. According to Infoblox researchers, Hazy Hawk first scans for domains with CNAME records pointing to abandoned cloud endpoints, which they determine […]
