SEC spoofed, malware hosted on US gov't server in new DNS attack

screen-shot-2017-10-12-at-08-30-38.jpg File Photo

Researchers have discovered a new version of the DNS Messenger attack which masquerades as the US Securities and Exchange Commission (SEC) and hosts malware on compromised government servers.

On Wednesday, security researches from Cisco Talos revealed the results of an investigation into DNS Messenger, a fileless attack which uses DNS queries to push malicious PowerShell commands on compromised computers.

A new version of this attack, which the team say is "highly targeted in nature," now attempts to compromise victim systems by pretending to be the SEC Electronic Data Gathering Analysis, and Retrieval (EDGAR) system -- recently at the heart of a data breach related to financial fraud -- in specially crafted phishing email campaigns.

These spoofed emails made them seem legitimate, but should a victim open them and download a malicious attachment contained within, a "multi-stage infection process" begins.

The malicious attachments used in this campaign are Microsoft Word documents. However, rather than using macros or OLE objects to gain a foothold into a system, the threat actors used a less common method of infection, Dynamic Data Exchange (DDE), to perform code execution and install a remote access Trojan (RAT).

http://www.zdnet.com/article/sec-spoofed-malware-hosted-on-us-govt-...

Views: 164

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

Doc Vega posted blog posts
1 hour ago
Burbia posted a video

A few reasons I don’t like jews. It’s not complicated.

These are the reasons I became antisemitic. It’s not complicated. Sure, I could go on for days, weeks, months outlining everything, but I don’t need to. This...
19 hours ago
Doc Vega commented on Doc Vega's blog post Unusual Discoveries and Headlines
"Less Prone, Thanks Buddy! I'd like to volunteer as a historical reconstructionist! "
yesterday
Less Prone left a comment for t.me/TheIntelligenceLibrary
"Welcome to a revolutionary concept in public communication, the truth."
yesterday
pohonemas33 team is now a member of 12160 Social Network
yesterday
Less Prone favorited cheeki kea's discussion Tartaria
yesterday
tjdavis's 2 blog posts were featured
yesterday
Doc Vega's 7 blog posts were featured
yesterday
Less Prone commented on Doc Vega's blog post Unusual Discoveries and Headlines
"Some incredible pieces of history!"
yesterday
Less Prone favorited Doc Vega's blog post Unusual Discoveries and Headlines
yesterday
tjdavis posted a blog post
yesterday
Doc Vega posted a blog post

First Week of July 1947 an Inflexion Point for Humanity!

The year is 1947 and sometime around July 4th the anniversary of the birth our nation, when a…See More
yesterday
Doc Vega commented on Doc Vega's blog post Government Issued Wearables? What’s Wrong With this Picture?
"cheeki kea Ha! Good one!"
Friday
tjdavis posted a video

This is Paris Now… You Won’t See This in the Tourist Brochures

In this video, I take you through Marché Barbès and its surrounding neighbourhoods — an area that reflects the modern, complex face of Paris most tourists ne...
Friday
Doc Vega posted a blog post

Trump's Big Beautiful Bill Passes Amidst Democrat Lies About a Tax cut for the Rich Being Averted

AP Photo/Rod Lamkey, Jr.It’s over, folks. President Trump and congressional Republicans aimed to…See More
Thursday
Doc Vega posted blog posts
Wednesday
cheeki kea commented on Doc Vega's blog post Government Issued Wearables? What’s Wrong With this Picture?
"I wonder what wearables must have been like before the last reset. "
Wednesday
Burbia commented on Burbia's video
Tuesday
Doc Vega commented on tjdavis's blog post National Blueprint For Biodefense
"Another scare tactic to push people into anew regime of vaccinations! Either that, or this is a…"
Tuesday
Doc Vega posted blog posts
Jul 1

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted