Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks (Security News, June 2022)

"The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'" Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
"The malware leverages a DNS attack technique called 'DNS Hijacking' in which an attacker-controlled DNS server manipulates the response of DNS queries and resolves them as per their malicious requirements."
DNS hijacking is a redirection attack in which DNS queries to genuine websites are intercepted to take an unsuspecting user to fraudulent pages under an adversary's control.
Unlike cache poisoning, DNS hijacking targets the DNS record of the website on the nameserver, rather than a resolver's cache.
The .NET DNS backdoor, dubbed DnsSystem, is a reworked variant of the open-source DIG.net DNS resolver tool, enabling the Lyceum actor to parse DNS responses issued from the DNS server and carry out its nefarious goals.
In addition to abusing the DNS protocol for command-and-control communications to evade detection, the malware is equipped to upload and download arbitrary files to and from the remote server as well as execute malicious system commands remotely on the compromised host.
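DNS used as a covert command-and-control channel, as described above, leaves a measurable footprint in resolver logs: one client issuing many unique, high-entropy subdomains under a single parent domain, often as TXT queries, which is how data is moved in and out over DNS. The following Python is an added detection example, not code from the article or from Zscaler's report; the log format, the thresholds and the domain `c2-placeholder.test` are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed resolver log (not from the article): timestamp client qtype qname.
# 10.0.0.7 shows the DNS-C2 pattern; 10.0.0.5 is ordinary browsing traffic.
SAMPLE_LOG = """\
2022-06-10T09:00:01Z 10.0.0.5 A www.example.com
2022-06-10T09:00:02Z 10.0.0.5 A cdn.example.com
2022-06-10T09:00:03Z 10.0.0.7 TXT 3q9zk2vb7xn1.a8f4d0ce.c2-placeholder.test
2022-06-10T09:00:04Z 10.0.0.7 TXT 7hd0pqm4ws2e.a8f4d0ce.c2-placeholder.test
2022-06-10T09:00:05Z 10.0.0.7 TXT x1v6nb93kt0r.a8f4d0ce.c2-placeholder.test
2022-06-10T09:00:06Z 10.0.0.7 TXT 5lz8ya2cfq7m.a8f4d0ce.c2-placeholder.test
2022-06-10T09:00:07Z 10.0.0.7 TXT q4e1rj6h9gnd.a8f4d0ce.c2-placeholder.test
2022-06-10T09:00:08Z 10.0.0.7 A mail.example.com
"""

def shannon_entropy(label):
    """Bits per character; encoded payload labels score far above real hostnames."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def parent_domain(qname, levels=2):
    """Collapse a query name to its registrable parent (assumes two-label suffixes)."""
    return ".".join(qname.rstrip(".").split(".")[-levels:])

def flag_dns_c2(log, min_unique=5, min_entropy=3.0, min_txt_ratio=0.5):
    """Return (client, parent domain) pairs whose query mix looks like DNS tunnelling."""
    stats = defaultdict(lambda: {"labels": set(), "txt": 0, "total": 0, "ent": []})
    for line in log.splitlines():
        _ts, client, qtype, qname = line.split()
        first_label = qname.split(".")[0]
        s = stats[(client, parent_domain(qname))]
        s["total"] += 1
        s["txt"] += qtype in ("TXT", "NULL", "CNAME")  # record types that carry bulk data
        s["labels"].add(first_label)                    # each unique label = one chunk
        s["ent"].append(shannon_entropy(first_label))
    alerts = []
    for (client, domain), s in stats.items():
        avg_ent = sum(s["ent"]) / len(s["ent"])
        if (len(s["labels"]) >= min_unique and avg_ent >= min_entropy
                and s["txt"] / s["total"] >= min_txt_ratio):
            alerts.append({"client": client, "domain": domain,
                           "unique_labels": len(s["labels"]), "avg_entropy": round(avg_ent, 2)})
    return alerts

if __name__ == "__main__":
    for a in flag_dns_c2(SAMPLE_LOG):
        print(f"possible DNS C2: {a['client']} -> {a['domain']} ({a['unique_labels']} chunks)")
```

Tune the thresholds against a baseline of your own resolver logs; CDNs and some telemetry services legitimately generate many unique subdomains, so the TXT ratio and entropy tests together are what keep the false-positive rate down.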
News URL
https://thehackernews.com/2022/06/iranian-hackers-spotted-using-new-dns.html