"DNSpionage Actors Adjust Tactics, Debut New Remote Administration Tool"

Threat actors behind the launch of the DNSpionage DNS hijacking campaign have modified their tactics, techniques, and procedures (TTPs), adding a new reconnaissance stage. They have also introduced a new remote administration tool, called Karkoff. The main targets of this campaign appear to be Lebanon- and United Arab Emirates-affiliated .gov domains. These websites' DNS servers are hijacked to redirect traffic and capture login credentials. This article continues to discuss the targets, alleged perpetrators, and TTPs of the DNSpionage DNS hijacking campaign, as well as the new tool used in this campaign, Karkoff.

SC Media reports "DNSpionage Actors Adjust Tactics, Debut New Remote Administration Tool"