SEC spoofed, malware hosted on US gov't server in new DNS attack

screen-shot-2017-10-12-at-08-30-38.jpg File Photo

Researchers have discovered a new version of the DNS Messenger attack which masquerades as the US Securities and Exchange Commission (SEC) and hosts malware on compromised government servers.

On Wednesday, security researches from Cisco Talos revealed the results of an investigation into DNS Messenger, a fileless attack which uses DNS queries to push malicious PowerShell commands on compromised computers.

A new version of this attack, which the team say is "highly targeted in nature," now attempts to compromise victim systems by pretending to be the SEC Electronic Data Gathering Analysis, and Retrieval (EDGAR) system -- recently at the heart of a data breach related to financial fraud -- in specially crafted phishing email campaigns.

These spoofed emails made them seem legitimate, but should a victim open them and download a malicious attachment contained within, a "multi-stage infection process" begins.

The malicious attachments used in this campaign are Microsoft Word documents. However, rather than using macros or OLE objects to gain a foothold into a system, the threat actors used a less common method of infection, Dynamic Data Exchange (DDE), to perform code execution and install a remote access Trojan (RAT).

http://www.zdnet.com/article/sec-spoofed-malware-hosted-on-us-govt-...

Views: 164

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

tjdavis posted videos
Thumbnail
Thumbnail
Thumbnail
9 hours ago
tjdavis posted blog posts
12 hours ago
Doc Vega posted a blog post

Is America on the brink of a Dire Emergency

 You might know if you have remained informed that America has been under asymmetric warfare for…See More
Saturday
0 Comments
tjdavis favorited Burbia's video
Thumbnail

CHARLIE KIRK WAS CNP! JOSH REEVES 9-11-25

Thursday
tjdavis posted videos
Thumbnail
Thumbnail
Thursday
rlionhearted_3 commented on Sandy's photo
Thumbnail

FB_IMG_1762715632283

Nov 11
cheeki kea posted a photo
Thumbnail

wartime rations

Nov 11
0 Comments
cheeki kea favorited tjdavis's blog post Propaganda,Cognitive Warfare Europes Self Destruction
Nov 11
cheeki kea commented on tjdavis's photo
Thumbnail

Sustenance

"Bacon health to the nation for one and all and stealth for operations elsewhere in the war. Yip a…"
Nov 11
Doc Vega posted a blog post

The Consequence of Loneliness: Another Missing Person Case

Chapter I“Unit 7, Unit 7. Do you read? This is dispatch!”“This is Unit 7, over!” Deputy Patterson…See More
Nov 10
0 Comments
Cora is now a member of 12160 Social Network
Nov 10
Welcome Them!
tjdavis's 3 blog posts were featured
Nov 10
Doc Vega's 6 blog posts were featured
3 more…
Nov 10
Sandy posted a photo
Thumbnail

FB_IMG_1762715632283

Nov 9
1 Comment
Doc Vega posted blog posts
Nov 9
tjdavis posted a video

Devo - Fresh

"Fresh" is from Devo's 2010 album, Something For Everybody. Video producer – Brian Carr/David VotteroVideo director – Gerald Casale & Davy Forcehttps://www.C...
Nov 8
0 Comments
Doc Vega commented on tjdavis's blog post Drones Used In Gaza Surveilling US Cities
"Remember that song by Alan Parsons "Eye in the Sky"?"
Nov 8
Snakedaddy favorited tjdavis's video
Thumbnail

How They Broke us All - ⚠️ WARNING: GRAPHIC

Nov 8
Doc Vega posted a blog post

7th December, 1941 The Day that Lived in Infamy

Nov 7
0 Comments
tjdavis posted blog posts
Nov 7

© 2025   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted