At Least Seven Patched Vulnerabilities Used in DNS Hijacking Campaign

Earlier this week, researchers at Cisco’s Talos Intelligence Group published a blog entitled DNS Hijacking Abuses Trust In Core Internet Service, which detailed a two-year attack campaign called Sea Turtle that targets a variety of businesses and government organizations, particularly those located in the Middle East and North Africa. Earlier this year, the United States Department of Homeland Security (DHS) published an alert about a DNS infrastructure hijacking campaign that referenced existing research from FireEye’s Threat Research team and Crowdstrike, along with an older blog from November 2018 published by Cisco Talos.

The Talos team provided some additional insight into the Sea Turtle campaign, specifically highlighting the use of at least seven previously patched vulnerabilities along with spearphishing emails. The vulnerabilities used by the attackers were either used to breach the organizations first or to move laterally within them post-compromise.

For more details about this story, please visit our blog.