Threat Actor Uses DNS Redirects, DNSpionage RAT to Attack Government Targets


Cisco Talos discovered a new malware campaign targeting a commercial Lebanese airline company, as well as United Arab Emirates (UAE) and Lebanon government domains.

According to Cisco Talos’ findings, the recently observed campaign could not be connected to other threat actors or attacks based on the used infrastructure and its Tactics, Techniques, and Procedures (TTP).

The actor was observed while using maliciously crafted Word and Excel documents powered by macros which would compromise targets visiting two fake job postings websites controlled by the attacker.

Read more…
Source: Softpedia