Lumension® Endpoint Intelligence Center

APT group hijacks popular domains to mask C&C communications

2014/08/06

Securityweek - (International) Researchers with FireEye reported identifying an advanced persistent threat campaign dubbed "Poisoned Hurricane" that used a variant of the PlugX (Kaba) malware configured to resolve DNS lookups through the nameservers of Hurricane Electric, which then spoofed legitimate domains and IP addresses to disguise the malware's communication with command and control (C&C) servers.

Source: http://www.securityweek.com/apt-group-hijacks-popular-domains-mask-cc-communications-fireeye

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:21:15