An Iranian hacking group known as Oilrig has become the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks.
Speaking in a webinar last week, Vicente Diaz, a malware analyst for antivirus maker Kaspersky, said the change happened in May this year when Oilrig added a new tool to its hacking arsenal.
According to Diaz, Oilrig operators began using a new utility called DNSExfiltrator as part of their intrusions into hacked networks.
Source: ZDNet