Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Translating Saitama's DNS tunneling messages, (Mon, Jun 13th)

published on 2022-06-13 15:00:45 UTC by
Content:
Saitama is a backdoor that uses the DNS protocol to encapsulate its command and control (C2) messages - a technique known as DNS Tunneling (MITRE ATT&CK T1071). Spotted and documented by MalwareBytes in two articles posted last month (How the Saitama backdoor uses DNS tunneling and APT34 targets Jordan Government using new Saitama backdoor), Saitama was used in a phishing e-mail targeted to a government official from Jordan’s foreign ministry on an attack attributed to the Iranian group APT34.
Article: Translating Saitama's DNS tunneling messages, (Mon, Jun 13th) - published over 2 years ago.

https://isc.sans.edu/diary/rss/28738   
Published: 2022 06 13 15:00:45
Received: 2022 06 13 16:03:12
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 0

Custom HTML Block

Click to Open Code Editor