New Credential-Theft Attack Weaponizes DNS

Francesco Altomare, Senior Sales Engineer @ GlobalDots
02.09.2019

The recently discovered campaign sends stolen data out of the network as part of a DNS query.

A new credential-theft attack campaign is using DNS to exfiltrate data. The campaign, which uses an illicit SSH client to gather the credentials, sends the purloined data to a pair of command-and-control (C2) servers.

Researchers at Alert Logic have found activity from this campaign dating back to August 9. In the attack, the malicious SSH client captures login credentials and sends the data to the C2 server as part of a DNS query, which standard network protection systems are unlikely to stop automatically.
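One way to hunt for this behaviour in resolver logs, as an added example that is not from the original article or from Alert Logic: flag query names whose subdomain is long and high-entropy, then report client/domain pairs that repeat the pattern. The log format, thresholds and domain names are assumptions made for illustration, and the base domain is taken naively as the last two labels.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: (client IP, queried name). All names are made up.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "aaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.net"),
    ("10.0.0.7", "a1b2c3d4e5f60718293a4b5c6d7e8f90.cdn-placeholder.test"),
    ("10.0.0.9", "a1b2c3d4e5f60718293a4b5c6d7e8f90.c2-placeholder.test"),
    ("10.0.0.9", "0f1e2d3c4b5a69788796a5b4c3d2e1f0.c2-placeholder.test"),
    ("10.0.0.9", "9a8b7c6d5e4f30211203f4e5d6c7b8a9.c2-placeholder.test"),
]

MIN_LABEL_LEN = 24      # assumed threshold: long labels can carry a payload
MIN_ENTROPY = 3.5       # assumed threshold, bits per character
MIN_UNIQUE_NAMES = 3    # assumed threshold: distinct suspicious names per pair


def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_name(qname):
    """Return (subdomain labels, base domain). Naive: base = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])


def looks_encoded(qname):
    """True when the subdomain has a long label and a high-entropy character mix."""
    sub, _ = split_name(qname)
    longest = max((len(label) for label in sub), default=0)
    return longest >= MIN_LABEL_LEN and shannon_entropy("".join(sub)) >= MIN_ENTROPY


def find_exfil_candidates(queries):
    """Group suspicious names by (client, base domain); report repeated offenders."""
    seen = defaultdict(set)
    for client, qname in queries:
        if looks_encoded(qname):
            seen[(client, split_name(qname)[1])].add(qname.lower())
    return {k: len(v) for k, v in seen.items() if len(v) >= MIN_UNIQUE_NAMES}


if __name__ == "__main__":
    for (client, domain), n in find_exfil_candidates(SAMPLE_QUERIES).items():
        print(f"{client} -> {domain}: {n} distinct encoded-looking names")
```

A production version would derive the base domain from the Public Suffix List and tune the thresholds against a baseline of the network's normal DNS traffic.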

Read more: Dark Reading
