New Credential-Theft Attack Weaponizes DNS

Francesco Altomare, Senior Sales Engineer @ GlobalDots
02.09.2019

The recently discovered campaign sends stolen data out of the network as part of a DNS query.

A new credential-theft attack campaign is using DNS to exfiltrate data. The campaign, which uses an illicit SSH client to gather the credentials, sends the purloined data to a pair of command-and-control (C2) servers.

Researchers at Alert Logic have found activity from this campaign dating back to August 9. In the attack, the malicious SSH client captures login credentials and sends the data to the C2 server as part of a DNS query, which standard network protection systems are not likely to stop automatically.
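A detection sketch for the behaviour described above, added here as an example and not taken from Alert Logic or the original article: it flags clients that repeatedly query unique, long, high-entropy subdomain labels under one base domain. The log format, the thresholds, and the two-label base-domain rule are assumptions, and the sample log is constructed.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s: str) -> float:
    """Bits per character of the string's character distribution."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def base_domain(qname: str) -> str:
    # Assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def suspicious_label(label: str, min_len: int = 24, min_entropy: float = 3.5) -> bool:
    """Long, high-entropy labels look like encoded payloads, not hostnames."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_exfil_candidates(log_lines, min_hits: int = 3):
    """Return {client: {base_domain: hits}} where a client sent at least
    min_hits distinct suspicious query names to the same base domain."""
    seen = defaultdict(set)  # (client, base domain) -> suspicious qnames
    for line in log_lines:
        _ts, client, qname, _qtype = line.split()
        sub_labels = qname.rstrip(".").lower().split(".")[:-2]
        if any(suspicious_label(lbl) for lbl in sub_labels):
            seen[(client, base_domain(qname))].add(qname.lower())
    result = defaultdict(dict)
    for (client, base), names in seen.items():
        if len(names) >= min_hits:
            result[client][base] = len(names)
    return dict(result)

# Constructed resolver log (hypothetical format): timestamp client qname qtype
SAMPLE_LOG = [
    "2019-09-01T10:00:01Z 10.0.0.5 www.example.com A",
    "2019-09-01T10:00:02Z 10.0.0.7 nb2w4zdfojqxg43xn5zgi4tf.example.net A",
    "2019-09-01T10:00:03Z 10.0.0.5 mail.example.org MX",
    "2019-09-01T10:00:04Z 10.0.0.7 orugs4zanfzsa3dpm5uw4idq.example.net A",
    "2019-09-01T10:00:05Z 10.0.0.9 nb2w4zdfojqxg43xn5zgi4tf.example.org A",
    "2019-09-01T10:00:06Z 10.0.0.7 mfzxg53pojsdumrqge4q2m3x.example.net A",
]

if __name__ == "__main__":
    print(find_exfil_candidates(SAMPLE_LOG))
```

The repeat threshold keeps a single long hostname (client 10.0.0.9 in the sample) from raising an alert; tune it and the entropy cutoff against a baseline of your own resolver traffic.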

Read more: Dark Reading
