May 21, 2026

DNS Africa Resource Center


Global DNS probing operation by Chinese threat actor discovered – SC Media

Global domain name system probes have been deployed by China-linked actor SecShow since June, The Hacker News reports.
The campaign's operations have originated from the Chinese government-funded China Education and Research Network (CERNET) and may be associated with research measuring IP address spoofing techniques, conducted within secshow[.]net domains, according to a report from Infoblox.
Further analysis showed the probes performing open DNS resolver discovery and DNS response calculations through a SecShow-controlled CERNET nameserver that returns a random IP address, which in turn triggers query amplification by Palo Alto Cortex Xpanse.
“The end goal of the SecShow operations is unknown, but the information that is gathered can be used for malicious activities and is only for the benefit of the actor,” said researchers.

The finding follows reports that Chinese state-sponsored threat operation Muddling Meerkat has increased its global DNS manipulation operations, as well as the emergence of the novel Rebirth distributed denial-of-service botnet.

Only 19% of MITRE ATT&CK techniques leveraged by threat actors could be detected by major enterprise security information and event management tools, including those from Microsoft, Splunk, IBM, and Sumo Logic, despite the presence of data that could allow the identification of 87% of such techniques, reports SiliconAngle.

Organizations and individuals in the government, defense, and technology sectors across India have been targeted by Pakistan-linked threat group Cosmic Leopard, also known as SpaceCobra, in attacks with the GravityRAT Android malware and HeavyLift Windows malware loader as part of Operation Celestial Force, which has been ongoing since 2018, reports The Hacker News.

According to CRN, ProPublica reported that Microsoft ignored warnings from former employee Andrew Harris about the Golden SAML vulnerability in its Active Directory Federation Services offering, years before the flaw was leveraged in the widespread SolarWinds software supply chain hack of 2020.
