The Latest in IT Security

APT group's malware retrieved C&C IP addresses from Microsoft's TechNet portal

15 May 2015

A China-based APT group has been using Microsoft's TechNet web portal to host encoded Command and Control (C&C) IP addresses for its BLACKCOFFEE malware, FireEye researchers have revealed.

“While other groups have used legitimate websites to host C&C IP addresses, APT17 took the additional step of embedding encoded C&C IP addresses for the BLACKCOFFEE malware in legitimate Microsoft TechNet profile pages and forum threads, a method some in the information community call a ‘dead drop resolver’,” the researchers explained in a report (registration required).
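A defender-side sketch of how the dead drop resolver pattern described above can surface in network telemetry; it is an added example, not code from the FireEye report or this article. The event format, field names, watched domain suffix, 300-second window and all sample records are constructed assumptions.

```python
from collections import defaultdict

WATCHED = ("technet.microsoft.com",)  # assumption: the portal named in the article
WINDOW = 300                          # assumption: seconds between fetch and connection

def is_watched(server, watched=WATCHED):
    return any(server == d or server.endswith("." + d) for d in watched)

def find_dead_drop_candidates(events, window=WINDOW):
    """Return (host, dst_ip, portal) for connections to an IP the host never
    resolved through DNS, made shortly after it fetched a watched portal page."""
    resolved = defaultdict(set)  # host -> IPs returned in its DNS answers
    last_fetch = {}              # host -> (timestamp, portal hostname)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["type"] == "dns":
            resolved[host].update(ev["answers"])
        elif ev["type"] == "http" and is_watched(ev["server"]):
            last_fetch[host] = (ev["ts"], ev["server"])
        elif ev["type"] == "conn" and host in last_fetch:
            ts, portal = last_fetch[host]
            if ev["dst"] not in resolved[host] and 0 <= ev["ts"] - ts <= window:
                hits.append((host, ev["dst"], portal))
    return hits

PORTAL = "social.technet.microsoft.com"
# Constructed telemetry (documentation IP ranges), not data from the report.
SAMPLE_EVENTS = [
    {"ts": 100, "host": "ws-01", "type": "dns", "answers": ["198.51.100.10"]},
    {"ts": 101, "host": "ws-01", "type": "conn", "dst": "198.51.100.10"},
    {"ts": 101, "host": "ws-01", "type": "http", "server": PORTAL},
    {"ts": 130, "host": "ws-01", "type": "conn", "dst": "203.0.113.77"},   # flagged
    {"ts": 900, "host": "ws-01", "type": "conn", "dst": "203.0.113.77"},   # outside window
    {"ts": 200, "host": "ws-02", "type": "http", "server": PORTAL},
    {"ts": 210, "host": "ws-02", "type": "dns", "answers": ["192.0.2.20"]},
    {"ts": 211, "host": "ws-02", "type": "conn", "dst": "192.0.2.20"},     # resolved first
    {"ts": 50, "host": "ws-03", "type": "conn", "dst": "203.0.113.77"},    # no portal fetch
]

if __name__ == "__main__":
    for hit in find_dead_drop_candidates(SAMPLE_EVENTS):
        print("candidate dead drop resolver activity:", hit)
```

Hits are triage candidates only: cached DNS answers and software with hard-coded IP addresses produce the same shape of traffic.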
