The Latest in IT Security

APT group's malware retrieved C&C IP addresses from Microsoft's TechNet portal

15 May 2015

A China-based APT group has been using Microsoft's TechNet web portal to host encoded Command and Control IP addresses for its BLACKCOFFEE malware, FireEye researchers have revealed.

“While other groups have used legitimate websites to host C&C IP addresses, APT17 took the additional step of embedding encoded C&C IP addresses for the BLACKCOFFEE malware in legitimate Microsoft TechNet profile pages and forum threads, a method some in the information community call a ‘dead drop resolver’,” the researchers explained in a report (registration required).
