A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned.
The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure.
Read more…
Source: ArsTechnica
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Website for US deportation airline GlobalX defaced by hackers
May 5, 2025
Hackers defaced one of the websites of the airline at the center of President Donald Trump’s campaign of deportations to an offshore detention center in El Salvador, a Reuters viewing of the site showed on Monday. A message posted to a subdomain of GlobalX said the site had been hijacked by hackers operating under the banner ...
- Hundreds of top ecommerce sites under attack following Magento supply chain flaw
May 5, 2025
Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately finding 21 backdoored Magento extensions, belonging to three companies: Tigren, Meetanshi, and MSG. The company says ...
- TeleMessage, a modified Signal clone used by US government officials, has been hacked
May 5, 2025
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported. TeleMessage came into the spotlight last week after it was reported that former ...
- Kidnappers in France target cryptocurrency entrepreneurs for ransom
May 4, 2025
French police rescued the father of a wealthy cryptocurrency entrepreneur in a nighttime raid after he was taken hostage for ransom, the latest alleged criminal effort in France to extort people involved in the management of digital assets. The man was kidnapped Thursday morning in Paris, the prosecutor’s office said Sunday. “The victim turned out to ...
- Scattered Spider hacking group allegedly behind cyber-attacks on Marks & Spencer
May 2, 2025
The culprit behind the M&S cyber attack is still a matter of investigation but speculation has pointed to a group called Scattered Spider. Also called UNC3944, Octo Tempest or Muddled Libra, Scattered Spider is a hacking group comprised of hackers – some thought to be as young as 16. Members are said to frequent hacker forums, ...
- Actively Exploited SAP NetWeaver Visual Composer Vulnerability Enables Remote Code Execution (CVE-2025-31324)
May 2, 2025
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform that functions as both an integration hub and application layer, enabling businesses to unify data, processes, ...