Cisco Talos previously published research into a targeted attack that leveraged an interesting infection process using DNS TXT records to create a bidirectional command and control (C2) channel. Using this channel, the attackers were able to directly interact with the Windows Command Processor using the contents of DNS TXT record queries and the associated responses generated on the attacker-controlled DNS server. We have since observed additional attacks leveraging this type of malware attempting to infect several target organizations. These attacks began with a targeted spear phishing email to initiate the malware infections and also leveraged compromised U.S. state government servers to host malicious code used in later stages of the malware infection chain.
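As an added example (not code from the Talos research or this digest), the following defender-side heuristic scans constructed resolver log lines for the pattern described above: one client issuing several unique, random-looking TXT queries to a single zone. The log format, client addresses, zone names and thresholds are all assumptions; a production version would use a public-suffix list rather than the last two labels.

```python
import math
from collections import defaultdict

# Constructed resolver log lines (not from the Talos report); the C2 zone is a
# placeholder. Format: "<timestamp> <client-ip> <qtype> <qname>".
SAMPLE_LOG = """\
2017-05-01T10:00:01 10.1.2.3 A www.example.com
2017-05-01T10:00:02 10.1.2.3 TXT 3f9a1c.e7b2d4f0.cmd.example-c2.test
2017-05-01T10:00:03 10.1.2.3 TXT 4a0b2d.9c11e8aa.cmd.example-c2.test
2017-05-01T10:00:04 10.1.2.3 TXT 5b1c3e.1d22f9bb.cmd.example-c2.test
2017-05-01T10:00:05 10.1.2.3 TXT 6c2d4f.2e33a0cc.cmd.example-c2.test
2017-05-01T10:00:06 10.1.2.9 TXT _dmarc.example.com
"""

def shannon_entropy(s):
    """Bits per character; random-looking labels score higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))

def parse_log(text):
    """Yield (client, qtype, qname) from the simple log format above."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2].upper(), parts[3].lower().rstrip(".")

def find_txt_c2_candidates(text, min_queries=3, min_entropy=2.0):
    """Flag (client, zone) pairs whose TXT traffic looks like a beacon channel:
    several queries, all qnames unique (defeats caching), random-looking leftmost
    label. Zone = last two labels (crude; use a public-suffix list in production)."""
    per_pair = defaultdict(list)
    for client, qtype, qname in parse_log(text):
        if qtype == "TXT":
            zone = ".".join(qname.split(".")[-2:])
            per_pair[(client, zone)].append(qname)
    hits = []
    for (client, zone), names in per_pair.items():
        if len(names) < min_queries or len(set(names)) != len(names):
            continue
        mean_ent = sum(shannon_entropy(n.split(".")[0]) for n in names) / len(names)
        if mean_ent >= min_entropy:
            hits.append((client, zone, len(names)))
    return sorted(hits)  # list of (client, zone, query_count)

if __name__ == "__main__":
    for client, zone, count in find_txt_c2_candidates(SAMPLE_LOG):
        print(f"suspect TXT channel: {client} -> {zone} ({count} unique queries)")
```

Legitimate TXT lookups such as SPF or DMARC records are single, repeated names to well-known zones, so they fall below the count and uniqueness thresholds.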