2nd September, 2019
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
A new credential-theft attack campaign is using DNS to exfiltrate data. The campaign, which uses an illicit SSH client to gather the credentials, sends the purloined data to a pair of command-and-control (C2) servers.
Researchers at Alert Logic have found activity from this campaign dating back to August 9. In the attack, the malicious SSH client captures login credentials and sends the data to the C2 server as part of a DNS query, which standard network protection systems are unlikely to stop automatically.
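One way to screen DNS query logs for data carried inside query names, shown as an added example that is not Alert Logic's detection logic or code from the article. The log entries, domain names and thresholds below are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

MIN_LABEL_LEN = 24   # assumed threshold: ordinary host labels are rarely this long
MIN_ENTROPY = 3.5    # assumed threshold, in bits per character
MIN_UNIQUE = 3       # assumed: distinct encoded-looking labels per client and domain

# Constructed sample log of (client IP, queried name); not real traffic.
QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.6", "aaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.net"),  # long, low entropy
    ("10.0.0.7", "b81e4d6a027c59f36c0fa93e5d1274b8.cdn-placeholder.test"),  # one-off hash
    ("10.0.0.9", "3f9a1c07e5b2d8463f9a1c07e5b2d846.c2-placeholder.test"),
    ("10.0.0.9", "b81e4d6a027c59f36c0fa93e5d1274b8.c2-placeholder.test"),
    ("10.0.0.9", "d2705fb9e4a1c63819e7c4a05b3f8d26.c2-placeholder.test"),
]

def shannon_entropy(text):
    """Shannon entropy of a non-empty string, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(name):
    """Return (subdomain labels, base domain), taking the last two labels as the base.
    Simplification: production code should consult the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])

def looks_encoded(label):
    """True for long, high-entropy labels, the shape encoded data takes in a name."""
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY

def find_exfil_candidates(queries):
    """Map (client, base domain) -> number of distinct encoded-looking labels,
    keeping only pairs that reach MIN_UNIQUE to cut one-off false positives."""
    seen = defaultdict(set)
    for client, name in queries:
        sub, base = split_name(name)
        for label in sub:
            if looks_encoded(label):
                seen[(client, base)].add(label)
    return {k: len(v) for k, v in seen.items() if len(v) >= MIN_UNIQUE}

if __name__ == "__main__":
    for (client, base), n in find_exfil_candidates(QUERIES).items():
        print(f"{client} sent {n} encoded-looking labels under {base}")
```

Hits from a screen like this are leads for review rather than verdicts, since some legitimate services also place hashes in hostnames.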
Read more: Dark Reading