First detailed in November 2018, the DNSpionage campaign relied on DNS redirection in attacks aimed at entities in the Middle East. Additional attacks have been observed since, and the U.S. Department of Homeland Security even issued an alert on this threat activity in January.
Recent attacks, Talos now says, reveal that the group behind DNSpionage continues to change its tactics, supposedly in an attempt to improve efficiency. It also adopted a new piece of malware, which the security researchers refer to as Karkoff.
Furthermore, an analysis of the recently leaked OilRig malware toolset has revealed a possible connection with the DNSpionage attacks, Talos says.